Security requirements are known to be “the most difficult of requirements types” and potentially the ones causing the greatest risk if they are not correct. One approach to requirements elicitation is based on the reuse of explicit knowledge. AMAN-DA is a requirement elicitation method that reuses encapsulated knowledge in security and domain ontologies to produce security requirements specifications. The main research question addressed in this paper is to what extent is AMAN-DA able to generate domain-specific security requirements? Following a well-documented process, a case study related to the maritime domain was undertaken with the goal to demonstrate the utility and effectiveness of AMAN-DA for the elicitation and analysis of domain-specific security requirements. The usefulness of the method was also evaluated with a group of 12 experts. The paper demonstrates the elicitation of domain-specific security requirements by presenting the AMAN-DA method and its application. It describes the evaluation and reports some significant results and their implications for practice and future research, especially for the field of knowledge reuse in requirements engineering.

中文翻译：

---

使用 AMAN-DA 方法生成安全需求：海事领域的案例研究

众所周知，安全需求是“最困难的需求类型”，如果它们不正确，可能会导致最大的风险。需求获取的一种方法是基于显性知识的重用。AMAN-DA 是一种需求获取方法，它重用安全和领域本体中的封装知识来生成安全需求规范。本文主要研究的问题是 AMAN-DA 能够在多大程度上产生特定领域的安全需求？在经过充分记录的过程之后，进行了与海洋领域相关的案例研究，目的是证明 AMAN-DA 在引出和分析特定领域的安全要求方面的效用和有效性。该方法的有效性还由 12 名专家组成的小组进行了评估。本文通过介绍 AMAN-DA 方法及其应用，论证了特定领域安全需求的引出。它描述了评估并报告了一些重要的结果及其对实践和未来研究的影响，特别是对于需求工程中的知识重用领域。