@inproceedings{def762eaca064bd0bb338c8ef8058402,
title = "A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations",
abstract = "Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a vulnerability-centric modeling ontology, which aims to integrate empirical knowledge of vulnerabilities into the system development process. In particular, we identify the basic concepts for modeling and analyzing vulnerabilities and their effects on the system. These concepts drive the definition of criteria that make it possible to compare and evaluate security frameworks based on vulnerabilities. We show how the proposed modeling ontology can be adopted in various conceptual modeling frameworks through examples. Financial support from Natural Science and Engineering Research Council of Canada and Bell University Labs is gratefully acknowledged.",
author = "G. Elahi and E. Yu and N. Zannone",
year = "2009",
doi = "10.1007/978-3-642-04840-1_10",
language = "English",
isbn = "978-3-642-04839-5",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "99--114",
editor = "A.H.F. Laender and S. Castano and U. Dayal and F. Casati and {Palazzo Moreira de Oliveira}, J.",
booktitle = "Conceptual Modeling - ER 2009 (28th International Conference on Conceptual Modeling, Gramado, Brazil, November 9-12, 2009. Proceedings)",
address = "Germany",
}