2014 IEEE 1st International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE)

2014, 2012, Vol 3 (3), pp. 1-22
Author(s): Shareeful Islam, Haralambos Mouratidis, Christos Kalloniatis, Aleksandar Hudic, Lorenz Zechner

Software systems are becoming more complex, interconnected and liable to adopt continuous change and evolution. It’s necessary to develop appropriate methods and techniques to ensure security and privacy of such systems. Research efforts that aim to ensure security and privacy of software systems are distinguished through two main categories: (1) the development of requirements engineering methods, and (2) implementation techniques. Approaches that fall in the first category usually aim to address either security or privacy in an implicit way, with emphasis on the security aspects by developing methods to elicit and analyse security (and privacy) requirements. Works that fall in the latter category focus specifically on the later stages of the development process irrespective of the organisational context in which the system will be incorporated. This work introduces a model-based process for security and privacy requirements engineering. In particular, the authors’ work includes activities that support identifying and analysing security and privacy requirements for the software system. Their proposed process combines concepts from two well-known requirements engineering methods, Secure Tropos and PriS. A real case study from the EU project E-vote, i.e., an Internet-based voting system, is employed to demonstrate the applicability of the approach.


2013, Vol 1 (1), pp. 41-53
Author(s): Alan Lai, Cui Zhang, Senad Busovaca

This paper presents a highly flexible and expandable tool called 2-SQUARE in support of the SQUARE methodology for security and privacy requirements engineering developed by the Software Engineering Institute at Carnegie Mellon University. Security and privacy requirements engineering can be a daunting task even with the proper expertise. 2-SQUARE aims at making it straightforward to perform requirements engineering regardless of expertise by providing flexible workflows and process guidance. 2-SQUARE also facilitates communication between requirements engineers and stakeholders throughout the requirements engineering process.


2018, Vol 26 (4), pp. 382-400
Author(s): Vasiliki Diamantopoulou, Haralambos Mouratidis

Purpose: The purpose of this study is the analysis of a security and privacy requirements engineering methodology. Such methodologies are considered an important part of systems’ development process when they contain and process a large amount of critical information, and thus need to remain secure and ensure privacy.

Design/methodology/approach: These methodologies provide techniques, methods and norms for tackling security and privacy issues in information systems. In this process, the utilisation of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, as the produced models are used not only among IT experts or among security specialists but also for communication among various stakeholders, in business environments or among novices in an academic environment.

Findings: The qualitative analysis revealed a partial satisfaction of these principles.

Originality/value: This paper evaluates the effectiveness of a security and privacy requirements engineering methodology, namely, Secure Tropos, on the nine principles of the theory of notation.


2019, pp. 1711-1729
Author(s): Nancy R. Mead, Saeed Abu-Nimeh

Security requirements engineering identifies security risks in software in the early stages of the development cycle. In this chapter, the authors present the SQUARE security requirements method. They integrate privacy requirements into SQUARE to identify privacy risks in addition to security risks. They then present a privacy elicitation technique and subsequently combine security risk assessment techniques with privacy risk assessment techniques. The authors discuss prototype tools that have been developed to support SQUARE for security and privacy as well as recent workshops that have focused on additional results in the security and privacy requirements area. Finally, the authors suggest future research and case studies needed to further contribute to early lifecycle activities that will address security and privacy-related issues.

