An Extended Ontology for Security Requirements

Fabio Massacci (1), John Mylopoulos (1), Federica Paci (1), Thein Thun Tun (2), and Yijun Yu (2)

(1) Department of Information Engineering and Computer Science, University of Trento, Italy
(2) Department of Computing, The Open University, UK
{fabio.massacci,mylopoulos,paci}@disi.unitn.it, {t.t.tun,y.yu}@open.ac.uk

Abstract. Security concerns for physical, software and virtual worlds have captured the attention of researchers and the general public, thanks to a series of dramatic events during the past decade. Unsurprisingly, this has resulted in increased research activity on topics that relate to security requirements. At the very core of this activity lies the problem of determining a suitable set of concepts (aka ontology) for modeling security requirements. Many proposals for such ontologies exist in the literature. The main objective of this paper is to amalgamate and extend the security ontologies proposed in [1] and [2]. The amalgamation includes a careful comparison of primitive concepts in Problem Frames and Secure Tropos, but also offers a novel account for rather nebulous security concepts, such as those of vulnerability and threat. The new concepts are justified and related to the literature. Moreover, the paper offers a number of security requirements adopted from industrial case studies, along with their respective representation in terms of the proposed ontology.

1 Introduction

Security concerns for physical, software and virtual worlds have captured the attention of researchers and the general public, thanks to a series of dramatic events during the past decade. Unsurprisingly, this has resulted in increased research activity on topics that relate to security requirements. At the very core of this activity lies the problem of determining a suitable set of concepts (aka ontology) for security requirements. In other words, the problem consists of selecting a suitable set of primitives through which security requirements can be conceptualised [3] for purposes of modeling, analysis and communication. The problem is clearly articulated in [4], where more than a dozen recent proposals for such security ontologies are reviewed and compared.

Massacci et al. [1] present one such proposal for an ontology, based largely on the PhD thesis of Nicola Zannone [5], and founded on the modeling framework of i* and Tropos. In parallel, Haley et al. [2] proposed Abuse Frames to take advantage of the analytical capability of Problem Frames [6]. Both proposals have their advantages: with goal-oriented security requirements analysis, malicious intentions of attackers can be identified through explicit characterization of