Benefits and Challenges in the Use of Case Studies for Security Requirements Engineering Methods

Information Assurance ◽

Security Requirements ◽

Quality Requirements ◽

Research Education ◽

Security Research ◽

Technology Transition ◽

Student Projects

The premise of this paper is that pilot case studies in security requirements engineering provide both benefits and challenges to the underlying research, education, and technology transition effort. Over the past four years we have worked with seven development groups in five organizations in the process of refining and transitioning the Security Quality Requirements Engineering (SQUARE) and SQUARE-Lite methods into practice. These experiences have provided the opportunity to step back and assess the use of pilots in conjunction with student projects to support method refinement and technology transition. Although SQUARE and SQUARE-Lite are concerned with security requirements, the benefits and challenges that have been observed would apply to many security research and technology transition efforts. We itemize and justify these benefits and challenges and discuss their practical relevance and application to ensuring adequate information assurance protection.

Benefits and Challenges in the Use of Case Studies for Security Requirements Engineering Methods

International Journal of Secure Software Engineering ◽

10.4018/jsse.2010102005 ◽

2010 ◽

Vol 1 (1) ◽

pp. 74-91 ◽

Cited By ~ 3

Author(s):

Nancy R. Mead

Keyword(s):

Case Studies ◽

Security Requirements ◽

Research Education ◽

The Past ◽

Adequate Information ◽

Security Research ◽

Technology Transition ◽

Student Projects

The premise of this article is that pilot case studies in security requirements engineering provide both benefits and challenges to the underlying research, education, and technology transition effort. Over the past four years we have worked with seven development groups in five organizations in the process of refining and transitioning the Security Quality Requirements Engineering (SQUARE) and SQUARE-Lite methods into practice. These experiences have provided the opportunity to step back and assess the use of pilots in conjunction with student projects to support method refinement and technology transition. Although SQUARE and SQUARE-Lite are concerned with security requirements, the benefits and challenges that have been observed would apply to many security research and technology transition efforts. We itemize and justify these benefits and challenges and discuss their practical relevance and application to ensuring adequate information assurance protection.

Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method

Integrating Security and Software Engineering ◽

10.4018/978-1-59904-147-6.ch003 ◽

2007 ◽

pp. 43-69 ◽

Cited By ~ 8

Author(s):

N. R. Mead

Keyword(s):

Systematic Approach ◽

Promising Method ◽

Security Requirements ◽

Software Systems ◽

Quality Requirements ◽

Student Teams ◽

Engineering Institute

In this chapter, we describe general issues in developing security requirements, meth-ods that have been useful, and a method (SQUARE) that can be used for eliciting, analyzing, and documenting security requirements for software systems. SQUARE, which was developed by the CERT Program at Carnegie Mellon University’s Soft-ware Engineering Institute, provides a systematic approach to security requirements engineering. SQUARE has been used on a number of client projects by Carnegie Mellon student teams, prototype tools have been developed, and research is ongoing to improve this promising method.

Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch065 ◽

2008 ◽

pp. 943-963

Author(s):

N. R. Mead

Keyword(s):

Systematic Approach ◽

Promising Method ◽

Security Requirements ◽

Software Systems ◽

Quality Requirements ◽

Student Teams ◽

Engineering Institute

In this chapter, we describe general issues in developing security requirements, methods that have been useful, and a method (SQUARE) that can be used for eliciting, analyzing, and documenting security requirements for software systems. SQUARE, which was developed by the CERT Program at Carnegie Mellon University’s Soft-ware Engineering Institute, provides a systematic approach to security requirements engineering. SQUARE has been used on a number of client projects by Carnegie Mellon student teams, prototype tools have been developed, and research is ongoing to improve this promising method.

Novel Methods of Incorporating Security Requirements Engineering into Software Engineering Courses and Curricula

Software Engineering ◽

10.4018/978-1-60566-102-5.ch006 ◽

2009 ◽

pp. 98-113 ◽

Cited By ~ 1

Author(s):

Nancy R. Mead ◽

Dan Shoemaker

Keyword(s):

Software Engineering ◽

Case Studies ◽

Security Requirements ◽

Course Materials ◽

Body Of Knowledge ◽

Relationship Of ◽

The Relationship ◽

Future Plans

This chapter describes methods of incorporating security requirements engineering into software engineering courses and curricula. The chapter discusses the importance of security requirements engineering and the relationship of security knowledge to general computing knowledge by comparing a security body of knowledge to standard computing curricula. Then security requirements is related to standard computing curricula and educational initiatives in security requirements engineering are described, with their results. An expanded discussion of the SQUARE method in security requirements engineering case studies is included, as well as future plans in the area. Future plans include the development and teaching of academic course materials in security requirements engineering, which will then be made available to educators. The authors hope that more educators will be motivated to teach security requirements engineering in their software engineering courses and to incorporate it in their curricula.