3.8 Proceedings Paper

A Catalogue of Reusable Security Concerns: Focus on Privacy Threats

Publisher

IEEE
DOI: 10.1109/CBI.2018.10046

Keywords

Requirements specification; Cyber-security; Catalogue of security requirements

Funding

  1. FCT [UID/CEC/50021/2013]

With the increasing number of cyber-attacks, organizations are placing more importance on securing their systems. Security should be considered from the very beginning, including in requirements engineering processes, to prevent common vulnerabilities as well as to avoid re-work costs. However, there is not yet an appropriate approach for specifying such security requirements in a rigorous and systematic way. Such an approach would allow defining and specifying security-specific concepts like vulnerabilities, threats or attacks. In addition, it would support a catalogue structure with reusable security requirements. The strategy we follow to address this challenge involves the following aspects. First, we use the recent RSLingo RSL language as the underlying rigorous requirements specification language. Second, we extend this language with security-specific concepts and a comprehensive requirements classification schema covering the following aspects: solution versus problem, abstract versus concrete, and positive versus negative requirements. Third, we apply this extended language to an illustrative sample of security requirements and other concepts, which can be easily reused and extended by the community. The current version of this catalogue aggregates 20 packages, one of which is the privacy concerns package that is the focus of this paper and currently includes 51 security requirements, 27 vulnerabilities, and 21 threats.
