Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method

Author(s):  
N. R. Mead

In this chapter, we describe general issues in developing security requirements, methods that have been useful, and a method (SQUARE) that can be used for eliciting, analyzing, and documenting security requirements for software systems. SQUARE, which was developed by the CERT Program at Carnegie Mellon University’s Software Engineering Institute, provides a systematic approach to security requirements engineering. SQUARE has been used on a number of client projects by Carnegie Mellon student teams, prototype tools have been developed, and research is ongoing to improve this promising method.


Author(s):  
Nancy R. Mead

The premise of this paper is that pilot case studies in security requirements engineering provide both benefits and challenges to the underlying research, education, and technology transition effort. Over the past four years we have worked with seven development groups in five organizations in the process of refining and transitioning the Security Quality Requirements Engineering (SQUARE) and SQUARE-Lite methods into practice. These experiences have provided the opportunity to step back and assess the use of pilots in conjunction with student projects to support method refinement and technology transition. Although SQUARE and SQUARE-Lite are concerned with security requirements, the benefits and challenges that have been observed would apply to many security research and technology transition efforts. We itemize and justify these benefits and challenges and discuss their practical relevance and application to ensuring adequate information assurance protection.


2010, Vol 1 (1), pp. 54-73  
Author(s):  
Armstrong Nhlabatsi, Bashar Nuseibeh, Yijun Yu

Long-lived software systems often undergo evolution over an extended period. Evolution of these systems is inevitable as they need to continue to satisfy changing business needs, new regulations and standards, and introduction of novel technologies. Such evolution may involve changes that add, remove, or modify features; or that migrate the system from one operating platform to another. These changes may result in requirements that were satisfied in a previous release of a system not being satisfied in subsequent versions. When evolutionary changes violate security requirements, a system may be left vulnerable to attacks. In this article we review current approaches to security requirements engineering and conclude that they lack explicit support for managing the effects of software evolution. We then suggest that a cross fertilization of the areas of software evolution and security engineering would address the problem of maintaining compliance to security requirements of software systems as they evolve.


Author(s):  
Armstrong Nhlabatsi, Bashar Nuseibeh, Yijun Yu

Long-lived software systems often undergo evolution over an extended period. Evolution of these systems is inevitable as they need to continue to satisfy changing business needs, new regulations and standards, and introduction of novel technologies. Such evolution may involve changes that add, remove, or modify features; or that migrate the system from one operating platform to another. These changes may result in requirements that were satisfied in a previous release of a system not being satisfied in subsequent versions. When evolutionary changes violate security requirements, a system may be left vulnerable to attacks. In this paper we review current approaches to security requirements engineering and conclude that they lack explicit support for managing the effects of software evolution. We then suggest that a cross fertilisation of the areas of software evolution and security engineering would address the problem of maintaining compliance to security requirements of software systems as they evolve.

