Analysis of Security Requirements Engineering: Towards a Comprehensive Approach

Abstract

Software’s security depends greatly on how a system was designed, so it’s very important to capture security requirements at the requirements engineering phase. Previous research proposes different approaches, but each looks at the same problem from a different perspective, such as the user, the threat, or the goal perspective. This creates huge gaps between them in terms of the terminology used and the steps followed to obtain security requirements. This research aims to define an approach as comprehensive as possible, incorporating the strengths and best practices found in existing approaches and filling the gaps between them. To achieve that, relevant literature reviews were studied and primary approaches were compared to find their common and divergent traits. To guarantee comprehensiveness, a documented comparison process was followed. The outline of our approach was derived from this comparison. As a result, it reconciles different perspectives on security requirements engineering by including: the identification of stakeholders, assets and goals, and tracing them later to the elicited requirements; performing risk assessment in conformity with standards; and performing requirements validation. It also includes the use of modeling artifacts to describe threats, risks or requirements, and defines a common terminology.

Authors and Affiliations

Ilham Maskani, Jaouad Boutahar, Souhaïl El Ghazi El Houssaïni

  • EP ID EP358962
  • DOI 10.14569/IJACSA.2016.071106

How To Cite

Ilham Maskani, Jaouad Boutahar, Souhaïl El Ghazi El Houssaïni (2016). Analysis of Security Requirements Engineering: Towards a Comprehensive Approach. International Journal of Advanced Computer Science & Applications, 7(11), 38-45. https://europub.co.uk/articles/-A-358962