2018 | OriginalPaper | Chapter

A Template for Writing Security Requirements

Authors : Massila Kamalrudin, Nuridawati Mustafa, Safiah Sidek

Published in: Requirements Engineering for Internet of Things

Publisher: Springer Singapore

Abstract

Quality security requirements contribute to the success of secure software development. However, the process of eliciting and writing security requirements is tedious and complex. It requires Requirements Engineers (REs) to have security experience in order to elicit consistent security requirements from the clients and stakeholders. Because the requirements are derived from natural language, REs face problems in eliciting and writing security requirements, as they tend to misunderstand the real needs and the security terms used. Motivated by these problems, this paper proposes a security requirements library and template to assist REs in writing security requirements. The library was built from a compilation of security attributes derived from syntax analysis and keyword matching. The realization of the library and writing template was demonstrated using two sets of scenarios taken from real projects. The usage examples show that the template is able to help REs write security requirements by providing relevant and suitable sentence structures as guidance.

Metadata

Title: A Template for Writing Security Requirements

Authors: Massila Kamalrudin, Nuridawati Mustafa, Safiah Sidek

Copyright Year: 2018

Publisher: Springer Singapore

DOI: https://doi.org/10.1007/978-981-10-7796-8_6