SecML
A metamodel for the Security Modeling Language (SecML) based on a basic requirements metamodel extended with security concepts for defining security requirements.
Security Aspects
Security requirements modeling
Defines basic security concepts, requirements and access control rights.
- Specification Elements:
  - Access Control Method
  - Access Control
  - Asset
  - Audit
  - Authentication
  - Authorization
  - Availability
  - Catalogue
  - Condition
  - Contingency Plan
  - Functional Requirement
  - Glossary
  - Goal
  - Integrity
  - Non Functional Requirement
  - Non repudiation
  - Privacy
  - Requirement
  - Safeguard
  - Security Requirement
  - Security Requirements Cluster
  - Source
  - Stakeholder
  - Term
  - Threat
  - Validation Method
- Threats:
  - Spoofing
  - Tampering with Data
  - Repudiation
  - Information Disclosure
  - Denial of Service
  - Elevation of Privileges
Specification Elements
Source
The source of information from which a requirement or a catalogue of requirements has been obtained.
- Applies to:
Catalogue
A catalogue of requirements.
- Applies to:
Goal
Describes a goal to be achieved.
- Applies to:
Stakeholder
A stakeholder involved in developing or using the system.
- Applies to:
  - Entity
Requirement
A requirement the system has to fulfill.
- Applies to:
Functional Requirement
A functionality required by the system.
- Applies to:
  - Activity
Non Functional Requirement
A non-functional requirement the system has to fulfill such as security requirements.
- Applies to:
Security Requirement
A concrete security requirement.
- Applies to:
Authorization
A security requirement for authorization.
- Applies to:
Condition
A condition used as part of authorization.
- Applies to:
Availability
A security requirement for availability.
- Applies to:
Access Control Method
Ways to realize access control such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), or Hierarchical Role-Based Access Control (HRBAC).
- Applies to:
  - Activity
Role
A role in the system.
- Applies to:
  - State
MAC Association
Used for associating a security level and an operation with a role.
- Applies to:
Security Level
A security level related to an asset in the system.
- Applies to:
  - State
Permission
Permissions that are assigned to roles and are needed for accessing assets or operations.
- Applies to:
  - State
Operation
A functionality provided by the system.
- Applies to:
  - Activity
Privacy
A security requirement for privacy.
- Applies to:
Integrity
A security requirement for integrity.
- Applies to:
Access Control
A security requirement for access control.
- Applies to:
Authentication
A security requirement for authentication.
- Applies to:
Audit
A security requirement for an audit.
- Applies to:
Non repudiation
A security requirement for non-repudiation.
- Applies to:
Glossary
A glossary of relevant terms.
- Applies to:
Term
The definition of a term in the glossary.
- Applies to:
Validation Method
The method through which the system shall be validated concerning a requirement.
- Applies to:
Safeguard
Safeguards are put in place to reduce risk. Safeguard functions are actions that reduce risk. Safeguard measures are physical or logical devices or processes that reduce risk.
Contingency Plan
A detailed contingency plan is essential to reduce the threat of damage. This plan should include a set of safeguards.
- Applies to:
Security Requirements Cluster
A set of requirements that are related to the same asset and reduce the effects of the same attack to achieve the same security objective.
- Applies to:
Asset
An asset is a physical or logical object that has intrinsic value and deserves protection. Assets can take many forms, including documents, data tables, and more, and they are essential for any business.
Threat
Assets can be damaged by a threat. A threat has properties, including type, frequency, probability of success, and degradation. Degradation is the level of damage caused to an asset if a threat achieves its goal.
- Applies to: