Security Requirements for Ubiquitous Software Development Site

2006 ◽  
pp. 836-843
Author(s):  
Tai-hoon Kim
Keyword(s):  
Software Development ◽  
Security Requirements ◽  
Development Site

scholarly journals A Method for Model-Driven Information Flow Security

2012 ◽  
pp. 199-229 ◽  
Author(s):  
Fredrik Seehusen ◽  
Ketil Stølen
Keyword(s):  
Software Development ◽  
Information Flow ◽  
System Architecture ◽  
Security Requirements ◽  
State Machines ◽  
Flow Properties ◽  
Information Flow Security ◽  
Software Developer ◽  
Model Driven ◽  
Secure Information

We present a method for software development in which information flow security is taken into consideration from start to finish. Initially, the user of the method (i.e., a software developer) specifies the system architecture and selects a set of security requirements (in the form of secure information flow properties) that the system must adhere to. The user then specifies each component of the system architecture using UML inspired state machines, and refines/transforms these (abstract) state machines into concrete state machines. It is shown that if the abstract specification adheres to the security requirements, then so does the concrete one provided that certain conditions are satisfied.

A Tagging Approach to Extract Security Requirements in Non-Traditional Software Development Processes

2014 ◽  
Vol 5 (4) ◽  
pp. 31-47 ◽  
Author(s):  
Annette Tetmeyer ◽  
Daniel Hein ◽  
Hossein Saiedian
Keyword(s):  
Software Development ◽  
Software Security ◽  
Security Requirements ◽  
Software Systems ◽  
Small Organizations ◽  
Pos Tagging ◽  
Part Of Speech ◽  
Security Requirements Engineering ◽  
Development Processes

While software security has become an expectation, stakeholders often have difficulty expressing such expectations. Elaborate (and expensive) frameworks to identify, analyze, validate and incorporate security requirements for large software systems (and organizations) have been proposed, however, small organizations working within short development lifecycles and minimal resources cannot justify such frameworks and often need a light and practical approach to security requirements engineering that can be easily integrated into their existing development processes. This work presents an approach for eliciting, analyzing, prioritizing and developing security requirements which can be integrated into existing software development lifecycles for small organizations. The approach is based on identifying candidate security goals using part of speech (POS) tagging, categorizing security goals based on canonical security definitions, and understanding the stakeholder goals to develop preliminary security requirements and to prioritize them. It uses a case study to validate the feasibility and effectiveness of the proposed approach.

scholarly journals Framework for Testing the Security of Application Software at Design Phase

2019 ◽  
Vol 8 (11) ◽  
pp. 4039-4049
Keyword(s):  
Software Development ◽  
Initial Level ◽  
Software Security ◽  
System Security ◽  
Security Requirements ◽  
Security Level ◽  
Application Software ◽  
Design Phase ◽  
Security Testing ◽  
Security Breaches

Software security testing is essential to reveal the weaknesses in the security of the system. The security level of the software must be assessed properly and timely so that the security breaches can be prevented to occur otherwise they harm the system. Security testing during designing the software will be advantageous to reduce the rework and expenses required if it will be found insecure after the implementation. Security testing can be achieved efficiently through proper framework at the early stages of software development. Security can be checked at the initial level by taking inputs at the requirement phase and design phase so that loopholes can be found and the propagation of vulnerabilities can be prevented. At requirement phase security requirements can be filtered and then at the next phase designing artifacts can be inspected for security errors. A metric is designed which will grade the software under test and state that whether the system is secured at the proper level or not. In this paper a framework is proposed which is based on metric and the validation of the metric is done through the Weyuker’s property.

scholarly journals Secure MEReq: A Tool Support to Check for Completeness of Security Requirements

2019 ◽  
Vol 8 (2S11) ◽  
pp. 768-771
Keyword(s):  
Software Development ◽  
Natural Language ◽  
Security Requirements ◽  
Tool Support ◽  
The Real ◽  
Prototype Tool ◽  
Considerable Research ◽  
Secure Software ◽  
Secure Software Development ◽  
Key Features

Quality security requirements help secure software development to succeed. While considerable research can be discovered in the field of demands elicitation, less attention has been paid to the writing of full security specifications. The demands engineers (REs) are still challenged and tedious in implementing and reporting full safety needs derived from Natural language. This is due to their tendency to misunderstand the real needs and the security terms used by inexperienced REs leading to incomplete security requirements. Motivated from these problems, we have developed a prototype tool, called SecureMEReq to improve the writing of complete security requirements. This tool provides four important key-features, which are (1) extraction of template-based components from client-stakeholders; (2) analysis of template-based density from SRCLib; (3) analysis of requirements syntax density from SecLib; and (4) analysis of completeness prioritization. To do this, we used our pattern libraries: SecLib and SRCLib to support the automation process of elicitation, especially in writing the security requirements. Our evaluation results show that our prototype tool is capable to facilitate the writing of complete security requirements and useful in assisting the REs to elicit the security requirements.

Sign in / Sign up

Export Citation Format

Share Document