OWASP Risk Analysis Driven Security Requirements Specification for Secure Android Mobile Software Development

Author(s): Kai Qian, Reza M. Parizi, Dan Lo

Author(s): Fredrik Seehusen, Ketil Stølen

We present a method for software development in which information flow security is taken into consideration from start to finish. Initially, the user of the method (i.e., a software developer) specifies the system architecture and selects a set of security requirements (in the form of secure information flow properties) that the system must adhere to. The user then specifies each component of the system architecture using UML-inspired state machines, and refines/transforms these (abstract) state machines into concrete state machines. It is shown that if the abstract specification adheres to the security requirements, then so does the concrete one, provided that certain conditions are satisfied.


Author(s): Mariana Peixoto, Carla Silva, Ricarth Lima, João Araújo, Tony Gorschek, ...

Recent research has pointed out that software developers face difficulties in specifying requirements for privacy-sensitive systems. To help address this issue, this paper presents a tool, called PCM Tool, that supports the Privacy Criteria Method (PCM), an approach designed to guide the specification of privacy requirements in agile software development.


Author(s): Rodrigo Augusto Peres Velozo, Gustavo Kimura Montanha

Mobile technology has become an important tool for today's society, allowing fast and easy access to information and proving useful in both the user's professional and personal life. However, the mobile environment involves many technologies, making it a complex subject for software development, where it is necessary to pay attention to many variables in order to ensure the project's quality. Therefore, the present study was conducted with a mobile software development company, analyzing and contributing to the company's activity in order to identify common problems related to application management and development. Issues were found related to the software interface and quality control processes, also covering the migration from a local database to a cloud service.


2014, Vol 5 (4), pp. 31-47
Author(s): Annette Tetmeyer, Daniel Hein, Hossein Saiedian

While software security has become an expectation, stakeholders often have difficulty expressing such expectations. Elaborate (and expensive) frameworks to identify, analyze, validate and incorporate security requirements for large software systems (and organizations) have been proposed; however, small organizations working within short development lifecycles and with minimal resources cannot justify such frameworks and often need a light and practical approach to security requirements engineering that can be easily integrated into their existing development processes. This work presents an approach for eliciting, analyzing, prioritizing and developing security requirements which can be integrated into existing software development lifecycles for small organizations. The approach is based on identifying candidate security goals using part-of-speech (POS) tagging, categorizing security goals based on canonical security definitions, and understanding the stakeholder goals to develop preliminary security requirements and to prioritize them. It uses a case study to validate the feasibility and effectiveness of the proposed approach.


Author(s): Michael Menzel, Ivonne Thomas, Benjamin Schüler, Maxim Schnjakin, Christoph Meinel

2015, Vol 6 (1), pp. 24-46
Author(s): Azadeh Alebrahim, Denis Hatebur, Stephan Fassbender, Ludger Goeke, Isabelle Côté

To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers' confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part of the ISO 27001 standard for achieving information security. This standard, however, contains ambiguous descriptions. In addition, it does not stipulate any method to identify assets, threats, and vulnerabilities. In this paper, the authors present a method for cloud computing systems to perform risk analysis according to ISO 27001. The authors' structured method is tailored to SMEs. It relies upon patterns to describe the context and structure of a cloud computing system, elicit security requirements, identify threats, and select controls, which eases the effort for these activities. The authors' method guides companies through the process of risk analysis in a structured manner. Furthermore, the authors provide a model-based tool for supporting ISO 27001 standard certification. The authors' tool consists of various plug-ins for conducting different steps of their method.

