Abstract
In recent years, tasks such as Security Requirements Elicitation, Specification of Security Requirements, and Security Requirements Validation have become essential to assuring the quality of the resulting software. An increasing share of the communication and information sharing in our society relies on Web applications. The last two years have seen a significant surge in the number of Web application-specific vulnerabilities disclosed to the public, a surge attributable to the importance of Security Requirements Engineering for Web-based systems and to the fact that it is still underestimated. A thorough security requirements analysis is therefore even more relevant. In this paper, we propose a Model Oriented framework for Security Requirements Engineering (MOSRE) for Web applications and apply it to an E-Voting system. By applying modeling technologies to the requirements phases, the security requirements and domain knowledge can be captured in a well-defined model, which is better than the traditional process.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Salini, P., Kanmani, S. (2013). Model Oriented Security Requirements Engineering (MOSRE) Framework for Web Applications. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds) Advances in Computing and Information Technology. Advances in Intelligent Systems and Computing, vol 177. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31552-7_36
DOI: https://doi.org/10.1007/978-3-642-31552-7_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31551-0
Online ISBN: 978-3-642-31552-7
eBook Packages: Engineering, Engineering (R0)