DOI: 10.1145/3098954.3098996
short-paper

Which Security Requirements Engineering Methodology Should I Choose?: Towards a Requirements Engineering-based Evaluation Approach

Published: 29 August 2017 Publication History

Abstract

For several decades, the requirements engineering domain has seen significant enhancements towards adapting security and risk analysis concepts. In this regard, there exist numerous security requirements engineering (SRE) methodologies that support the elicitation and evaluation of security requirements. However, selecting an SRE methodology for a given context of use often depends on a set of ad hoc criteria. In this paper, we propose an evaluation methodology that helps in identifying the characteristics of a good SRE methodology.


      Published In

      ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security
      August 2017
      853 pages
      ISBN:9781450352574
      DOI:10.1145/3098954

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. Security requirements engineering
      2. evaluation methodology

      Qualifiers

      • Short-paper
      • Research
      • Refereed limited

      Conference

      ARES '17
      ARES '17: International Conference on Availability, Reliability and Security
      August 29 - September 1, 2017
      Reggio Calabria, Italy

      Acceptance Rates

      ARES '17 Paper Acceptance Rate 100 of 191 submissions, 52%;
      Overall Acceptance Rate 228 of 451 submissions, 51%

      Cited By

      • (2022) Requirements Engineering for the Development of Disruptive Systems Engineering Innovations. 2022 IEEE International Symposium on Systems Engineering (ISSE), pp. 1-7. DOI: 10.1109/ISSE54508.2022.10005334. Online publication date: 24-Oct-2022
      • (2021) Requirement Engineering in the Age of System and Product Complexity – A Literature Review. 2021 IEEE International Symposium on Systems Engineering (ISSE), pp. 1-8. DOI: 10.1109/ISSE51541.2021.9582439. Online publication date: 13-Sep-2021
      • (2021) A descriptive study of assumptions in STRIDE security threat modeling. Software and Systems Modeling, 21:6, pp. 2311-2328. DOI: 10.1007/s10270-021-00941-7. Online publication date: 17-Nov-2021
      • (2019) Logic-based methodology to help security architects in eliciting high-level network security requirements. Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing, pp. 1610-1619. DOI: 10.1145/3297280.3297437. Online publication date: 8-Apr-2019
      • (2018) Applying a requirement engineering based approach to evaluate the security requirements engineering methodologies. Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pp. 1316-1318. DOI: 10.1145/3167132.3167417. Online publication date: 9-Apr-2018
      • (2018) A Requirements Engineering-Based Approach for Evaluating Security Requirements Engineering Methodologies. Information Technology – New Generations, pp. 517-525. DOI: 10.1007/978-3-319-77028-4_67. Online publication date: 2018
