Capturing security requirements for software systems
Author's Department
Computer Science & Engineering Department
Find in your Library
https://doi.org/10.1016/j.jare.2014.03.001
Document Type
Research Article
Publication Title
Journal of Advanced Research
Publication Date
1-1-2014
doi
10.1016/j.jare.2014.03.001
Abstract
Security is often an afterthought during software development. Realizing security early, especially in the requirement phase, is important so that security problems can be tackled early enough before going further in the process and avoid rework. A more effective approach for security requirement engineering is needed to provide a more systematic way for eliciting adequate security requirements. This paper proposes a methodology for security requirement elicitation based on problem frames. The methodology aims at early integration of security with software development. The main goal of the methodology is to assist developers elicit adequate security requirements in a more systematic way during the requirement engineering process. A security catalog, based on the problem frames, is constructed in order to help identifying security requirements with the aid of previous security knowledge. Abuse frames are used to model threats while security problem frames are used to model security requirements. We have made use of evaluation criteria to evaluate the resulting security requirements concentrating on conflicts identification among requirements. We have shown that more complete security requirements can be elicited by such methodology in addition to the assistance offered to developers to elicit security requirements in a more systematic way. © 2014.
First Page
463
Last Page
472
Recommended Citation
APA Citation
El-Hadary, H.
&
El-Kassas, S.
(2014). Capturing security requirements for software systems. Journal of Advanced Research, 5(4), 463–472.
10.1016/j.jare.2014.03.001
https://fount.aucegypt.edu/faculty_journal_articles/1827
MLA Citation
El-Hadary, Hassan, et al.
"Capturing security requirements for software systems." Journal of Advanced Research, vol. 5,no. 4, 2014, pp. 463–472.
https://fount.aucegypt.edu/faculty_journal_articles/1827