research-article

Estimating influence of threat using Misuse Case Oriented Quality Requirements (MCOQR) metrics: Security requirements engineering perspective

Published: 01 January 2017

Abstract

Security has many classifications and dimensions. One such classification is software security, and one of its facets is metrics. Software security metrics provide an estimate of how secure a piece of software could be and indicate where loopholes might occur while it is being developed. Security implementation should begin at the initiation of software development, i.e. in the requirements elicitation phase carried out by the software development team. The Misuse Case Oriented Quality Requirements (MCOQR) metrics framework provides an easy and comprehensive way of identifying security loopholes in software well before it is developed. It provides 6 dimensional security indicators and estimators so that the security team can gain insight into areas that need further improvement and can draft security requirements properly. This paper considers the influence of threat, predicted using misuse case modeling, to estimate the security of software well before it is developed and implemented in practice. It presents an empirical study showing how a security team may identify core areas where security could be enhanced further. The research work proves that if the MCOQR metrics framework is applied during software development, the outcome is more secure software.



Published In

International Journal of Hybrid Intelligent Systems, Volume 14, Issue 1-2
2017
94 pages

Publisher

IOS Press

Netherlands

Author Tags

1. Security
2. software security
3. security metrics
4. software security metrics
5. misuse case
6. security requirements engineering
