Eliciting Security Requirements - an Experience Report (REFSQ 2023 - Research Papers)

Who

Roman Trentinaglia, Sven Merschjohann, Markus Fockel, Hendrik Eikerling, Jason Jaskolka

Track

REFSQ 2023 Research Papers

Time Zone

The program is currently displayed in (GMT+02:00) Brussels, Copenhagen, Madrid, Paris.

Use conference time zone: (GMT+02:00) Brussels, Copenhagen, Madrid, ParisSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Thu 20 Apr 2023 14:20 - 14:40 at Llívia - Session R10 - Security Requirements and Best Poster and Tool Chair(s): Sallam Abualhaija, Elda Paja

Abstract

Cyber-physical systems, like modern cars and industrial automation systems, are highly connected and complex. Their various interconnections open interfaces for attackers, and their complexity increases the risk of undetected security vulnerabilities. Hence, an important part of requirements engineering is threat modeling. It is a means to elicit security assets, goals, and assumptions, and to derive required security controls. Effective threat modeling needs a systematic workshop setup. In this paper, we report our experiences and lessons learned from threat modeling workshops that we conducted with industry partners from the domains of industrial automation, health care, smart home, and automotive. In conclusion, we derive a set of open challenges.

Roman TrentinagliaPresenter

Fraunhofer IEM

Germany

Sven MerschjohannAuthor

Fraunhofer IEM

Germany

Markus FockelAuthor

Fraunhofer IEM

Germany

Hendrik EikerlingAuthor

Fraunhofer IEM

Germany

Jason JaskolkaDiscussant

Carleton University

Canada

Time Zone

The program is currently displayed in (GMT+02:00) Brussels, Copenhagen, Madrid, Paris.

Use conference time zone: (GMT+02:00) Brussels, Copenhagen, Madrid, ParisSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Thu 20 Apr
Displayed time zone: Brussels, Copenhagen, Madrid, Paris change

14:00 - 15:30	Session R10 - Security Requirements and Best Poster and ToolResearch Papers at Llívia Chair(s): Sallam Abualhaija University of Luxembourg, Elda Paja IT University of Copenhagen Elda will chair the part of the session dedicated to the scientific papers, and Sallam will chair the best poster and best tool

14:00 20m Research preview		Understanding the Role of Human-Related Factors in Security Requirements Elicitation Research Papers P: Jason Jaskolka Carleton University, A: Sanaa Alwidian Ontario Tech University, D: Roman Trentinaglia Fraunhofer IEM
14:20 20m Experience report		Eliciting Security Requirements - an Experience Report Research Papers P: Roman Trentinaglia Fraunhofer IEM, A: Sven Merschjohann Fraunhofer IEM, A: Markus Fockel Fraunhofer IEM, A: Hendrik Eikerling Fraunhofer IEM, D: Jason Jaskolka Carleton University
14:40 20m Journal Early-Feedback		The Relationship between Team Climate and Implementation of Security in Software Development Research Papers A: Irit Hadar University of Haifa, P: Micha Prudjinski University of Haifa, A: Gil Luria University of Haifa, D: Paola Spoletini Kennesaw State University, D: Daniel Amyot University of Ottawa
15:00 10m		Best Poster Research Papers
15:10 10m		Best Tool Research Papers