Security Requirements Engineering for Software Systems: Case Studies in Support of Software Engineering Education

Author(s):  
N.R. Mead ◽  
E.D. Hough
2009 ◽  
pp. 98-113 ◽  
Author(s):  
Nancy R. Mead ◽  
Dan Shoemaker

This chapter describes methods of incorporating security requirements engineering into software engineering courses and curricula. The chapter discusses the importance of security requirements engineering and the relationship of security knowledge to general computing knowledge by comparing a security body of knowledge to standard computing curricula. Then security requirements is related to standard computing curricula and educational initiatives in security requirements engineering are described, with their results. An expanded discussion of the SQUARE method in security requirements engineering case studies is included, as well as future plans in the area. Future plans include the development and teaching of academic course materials in security requirements engineering, which will then be made available to educators. The authors hope that more educators will be motivated to teach security requirements engineering in their software engineering courses and to incorporate it in their curricula.


Author(s):  
N. R. Mead

In this chapter, we describe general issues in developing security requirements, methods that have been useful, and a method (SQUARE) that can be used for eliciting, analyzing, and documenting security requirements for software systems. SQUARE, which was developed by the CERT Program at Carnegie Mellon University’s Software Engineering Institute, provides a systematic approach to security requirements engineering. SQUARE has been used on a number of client projects by Carnegie Mellon student teams, prototype tools have been developed, and research is ongoing to improve this promising method.


Author(s):  
N. R. Mead

In this chapter, we describe general issues in developing security requirements, methods that have been useful, and a method (SQUARE) that can be used for eliciting, analyzing, and documenting security requirements for software systems. SQUARE, which was developed by the CERT Program at Carnegie Mellon University’s Software Engineering Institute, provides a systematic approach to security requirements engineering. SQUARE has been used on a number of client projects by Carnegie Mellon student teams, prototype tools have been developed, and research is ongoing to improve this promising method.


2010 ◽  
Vol 1 (1) ◽  
pp. 74-91 ◽  
Author(s):  
Nancy R. Mead

The premise of this article is that pilot case studies in security requirements engineering provide both benefits and challenges to the underlying research, education, and technology transition effort. Over the past four years we have worked with seven development groups in five organizations in the process of refining and transitioning the Security Quality Requirements Engineering (SQUARE) and SQUARE-Lite methods into practice. These experiences have provided the opportunity to step back and assess the use of pilots in conjunction with student projects to support method refinement and technology transition. Although SQUARE and SQUARE-Lite are concerned with security requirements, the benefits and challenges that have been observed would apply to many security research and technology transition efforts. We itemize and justify these benefits and challenges and discuss their practical relevance and application to ensuring adequate information assurance protection.


Author(s):  
Nancy R. Mead

The premise of this paper is that pilot case studies in security requirements engineering provide both benefits and challenges to the underlying research, education, and technology transition effort. Over the past four years we have worked with seven development groups in five organizations in the process of refining and transitioning the Security Quality Requirements Engineering (SQUARE) and SQUARE-Lite methods into practice. These experiences have provided the opportunity to step back and assess the use of pilots in conjunction with student projects to support method refinement and technology transition. Although SQUARE and SQUARE-Lite are concerned with security requirements, the benefits and challenges that have been observed would apply to many security research and technology transition efforts. We itemize and justify these benefits and challenges and discuss their practical relevance and application to ensuring adequate information assurance protection.


2015 ◽  
Vol 3 (2) ◽  
pp. 13-23
Author(s):  
Yuki Ito ◽  
Atsuo Hazeyama ◽  
Yasuhiko Morimoto ◽  
Hiroaki Kaminaga ◽  
Shoichi Nakamura ◽  
...  

In order to extend and maintain software systems, it is necessary to remove factors behind bad smells from source code through refactoring. However, it is a time-consuming process to detect and remove factors behind bad smells manually from large source code. Learning how to refactor bad smells can also be difficult for students because they are not yet software development experts. Therefore, the authors propose a method for detecting bad smells using declarative meta programming that can be applied to software development training. In this manner, software development training is facilitated.


2010 ◽  
Vol 1 (1) ◽  
pp. 54-73 ◽  
Author(s):  
Armstrong Nhlabatsi ◽  
Bashar Nuseibeh ◽  
Yijun Yu

Long-lived software systems often undergo evolution over an extended period. Evolution of these systems is inevitable as they need to continue to satisfy changing business needs, new regulations and standards, and introduction of novel technologies. Such evolution may involve changes that add, remove, or modify features; or that migrate the system from one operating platform to another. These changes may result in requirements that were satisfied in a previous release of a system not being satisfied in subsequent versions. When evolutionary changes violate security requirements, a system may be left vulnerable to attacks. In this article we review current approaches to security requirements engineering and conclude that they lack explicit support for managing the effects of software evolution. We then suggest that a cross fertilization of the areas of software evolution and security engineering would address the problem of maintaining compliance to security requirements of software systems as they evolve.

