Decision-Making in Security Requirements Engineering with Constrained Goal Models

2017 ◽  
pp. 262-280 ◽  
Author(s):  
Nikolaos Argyropoulos ◽  
Konstantinos Angelopoulos ◽  
Haralambos Mouratidis ◽  
Andrew Fish
Keyword(s):  
Decision Making ◽  
Requirements Engineering ◽  
Security Requirements ◽  
Security Requirements Engineering ◽  
Goal Models

scholarly journals A fuzzy TOPSIS based analysis toward selection of effective security requirements engineering approach for trustworthy healthcare software development

2020 ◽  
Vol 20 (1) ◽  
Author(s):  
Md Tarique Jamal Ansari ◽  
Fahad Ahmed Al-Zahrani ◽  
Dhirendra Pandey ◽  
Alka Agrawal
Keyword(s):  
Decision Making ◽  
Software Development ◽  
Requirements Engineering ◽  
Selection Criteria ◽  
Fuzzy Topsis ◽  
Security Requirements ◽  
Multi Criteria Decision Making ◽  
Engineering Approach ◽  
Security Requirements Engineering ◽  
Selection Of

Abstract Background Today’s healthcare organizations want to implement secure and quality healthcare software as cyber-security is a significant risk factor for healthcare data. Considering security requirements during trustworthy healthcare software development process is an essential part of the quality software development. There are several Security Requirements Engineering (SRE) methodologies, framework, process, standards available today. Unfortunately, there is still a necessity to improve these security requirements engineering approaches. Determining the most suitable security requirements engineering method for trustworthy healthcare software development is a challenging process. This study is aimed to present security experts’ perspective on the relative importance of the criteria for selecting effective SRE method by utilizing the multi-criteria decision making methods. Methods The study was planned and conducted to identify the most appropriate SRE approach for quality and trustworthy software development based on the security expert’s knowledge and experience. The hierarchical model was evaluated by using fuzzy TOPSIS model. Effective SRE selection criteria were compared in pairs. 25 security experts were asked to response the pairwise criteria comparison form. Results The impact of the recognized selection criteria for effective security requirements engineering approaches has been evaluated quantitatively. For each of the 25 participants, comparison matrixes were formed based on the scores of their responses in the form. The consistency ratios (CR) were found to be smaller than 10% (CR = 9.1% < 10%). According to pairwise comparisons result; with a 0.842 closeness coefficient (Ci), STORE methodology is the most effective security requirements engineering approach for trustworthy healthcare software development. Conclusions The findings of this research study demonstrate various factors in the decision-making process for the selection of a reliable method for security requirements engineering. This is a significant study that uses multi-criteria decision-making tools, specifically fuzzy TOPSIS, which used to evaluate different SRE methods for secure and trustworthy healthcare application development.

Threat and Risk-Driven Security Requirements Engineering

2012 ◽  
pp. 36-52
Author(s):  
Holger Schmidt
Keyword(s):  
Requirements Engineering ◽  
Security Requirements ◽  
Risk Models ◽  
Security Requirements Engineering ◽  
Strong Focus ◽  
Ict System

In this paper, the author aim to present a threat and risk-driven methodology to security requirements engineering. The chosen approach has a strong focus on gathering, modeling, and analyzing the environment in which a secure ICT-system to be built is located. The knowledge about the environment comprises threat and risk models. As presented in the paper, this security-relevant knowledge is used to assess the adequacy of security mechanisms, which are then selected to establish security requirements.

A Security Requirements Engineering Tool for Domain Engineering in Software Product Lines

2011 ◽  
pp. 73-92
Author(s):  
Jesús Rodríguez ◽  
Eduardo Fernández-Medina ◽  
Mario Piattini ◽  
Daniel Mellado
Keyword(s):  
Requirements Engineering ◽  
Software Product Lines ◽  
Product Line ◽  
Security Requirements ◽  
Engineering Process ◽  
Product Lines ◽  
Requirements Engineering Process ◽  
Security Requirements Engineering ◽  
Software Product ◽  
Automated Support

The concepts of Service-Oriented Architectures and Software Product Lines are currently being paid a considerable amount of attention, both in research and in practice. Both disciplines promise to make the development of flexible, cost-effective software systems possible and to support high levels of reuse, and may sometimes be complementary to each other. In both paradigms, security is a critical issue, although most of the existing product line practices do not comprise all the security requirements engineering activities or provide automated support through which to perform these activities, despite the fact that it is widely accepted that the application of any requirements engineering process or methodology is much more difficult without a CARE (Computer-Aided Requirements Engineering) tool, since it must be performed manually. Therefore, this chapter shall present a tool denominated as SREPPLineTool, which provides automated support through which to facilitate the application of the security quality requirements engineering process for software product lines, SREPPLine. SREPPLineTool simplifies the management of security requirements in product lines by providing us with a guided, systematic and intuitive manner in which to deal with them from the early stages of product line development, thus simplifying the management and the visualization of artefact variability and traceability links and the integration of security standards, along with the management of the security reference model proposed by SREPPLine.

Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method

2007 ◽  
pp. 43-69 ◽  
Author(s):  
N. R. Mead
Keyword(s):  
Requirements Engineering ◽  
Systematic Approach ◽  
Promising Method ◽  
Security Requirements ◽  
Software Systems ◽  
Quality Requirements ◽  
Student Teams ◽  
Security Requirements Engineering ◽  
Engineering Institute

In this chapter, we describe general issues in developing security requirements, meth-ods that have been useful, and a method (SQUARE) that can be used for eliciting, analyzing, and documenting security requirements for software systems. SQUARE, which was developed by the CERT Program at Carnegie Mellon University’s Soft-ware Engineering Institute, provides a systematic approach to security requirements engineering. SQUARE has been used on a number of client projects by Carnegie Mellon student teams, prototype tools have been developed, and research is ongoing to improve this promising method.

Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method

2008 ◽  
pp. 943-963
Author(s):  
N. R. Mead
Keyword(s):  
Requirements Engineering ◽  
Systematic Approach ◽  
Promising Method ◽  
Security Requirements ◽  
Software Systems ◽  
Quality Requirements ◽  
Student Teams ◽  
Security Requirements Engineering ◽  
Engineering Institute

In this chapter, we describe general issues in developing security requirements, methods that have been useful, and a method (SQUARE) that can be used for eliciting, analyzing, and documenting security requirements for software systems. SQUARE, which was developed by the CERT Program at Carnegie Mellon University’s Soft-ware Engineering Institute, provides a systematic approach to security requirements engineering. SQUARE has been used on a number of client projects by Carnegie Mellon student teams, prototype tools have been developed, and research is ongoing to improve this promising method.

Sign in / Sign up

Export Citation Format

Share Document