A Methodological Approach to Evaluate Security Requirements Engineering Methodologies: Application to the IREHDO2 Project Context

2021 ◽  
Vol 1 (3) ◽  
pp. 422-452
Author(s):  
Romain Laborde ◽  
Sravani Teja Bulusu ◽  
Ahmad Samer Wazan ◽  
Arnaud Oglaza ◽  
Abdelmalek Benzekri

Effective network security requirements engineering is needed to help organizations capture cost-effective security solutions that protect networks against malicious attacks while meeting business requirements. The diversity of currently available security requirements engineering methodologies leaves security requirements engineers with an open question: how to choose one? We present a global evaluation methodology that we applied during the IREHDO2 project to find a requirements engineering method that could improve network security. Our evaluation methodology includes a process to determine pertinent evaluation criteria and a process to evaluate the requirements engineering methodologies. Our main contribution is to involve stakeholders (i.e., security requirements engineers) in the evaluation process by following a requirements engineering approach. We describe the experiments conducted during the project with security experts and the feedback we obtained. Although we applied it to evaluate three requirements engineering methods (KAOS, STS and SEPP) in the context of network security, our evaluation methodology can be instantiated in other contexts and with other methods.

2011 ◽  
Vol 1 (6) ◽  
pp. 111-112
Author(s):  
Velayutham Pavanasam ◽  
Chandrasekaran Subramaniam

Author(s):  
Christoph Schmittner ◽  
Zhendong Ma ◽  
Carolina Reyes ◽  
Oliver Dillinger ◽  
Peter Puschner

Author(s):  
Basel Katt ◽  
Nishu Prasher

Security assurance is the confidence that a system meets its security requirements and is resilient against security vulnerabilities and failures. Existing approaches can be characterized as (1) qualitative in nature, (2) achieving their goals manually to a large extent, (3) very costly, (4) development-process oriented, and finally, (5) treating all security requirements within one domain equally for all applications regardless of the context. In this chapter, the authors propose a security assurance framework and its assurance evaluation process. The framework and process depend on a quantitative security assurance metric that was developed as well. The proposed metric considers both the security requirements and vulnerabilities. A weight has been introduced into the security requirement metric to measure the importance of the security requirements that need to be fulfilled. The framework, together with the proposed quantitative assurance metric, is evaluated and validated using two field case studies on two operational REST APIs that belong to and are used by Statistics Norway.
