Benefits and Challenges in the Use of Case Studies for Security Requirements Engineering Methods

2010 ◽  
Vol 1 (1) ◽  
pp. 74-91 ◽  
Author(s):  
Nancy R. Mead
Keyword(s):  
Case Studies ◽  
Requirements Engineering ◽  
Security Requirements ◽  
Research Education ◽  
The Past ◽  
Adequate Information ◽  
Security Research ◽  
Security Requirements Engineering ◽  
Technology Transition ◽  
Student Projects

The premise of this article is that pilot case studies in security requirements engineering provide both benefits and challenges to the underlying research, education, and technology transition effort. Over the past four years we have worked with seven development groups in five organizations in the process of refining and transitioning the Security Quality Requirements Engineering (SQUARE) and SQUARE-Lite methods into practice. These experiences have provided the opportunity to step back and assess the use of pilots in conjunction with student projects to support method refinement and technology transition. Although SQUARE and SQUARE-Lite are concerned with security requirements, the benefits and challenges that have been observed would apply to many security research and technology transition efforts. We itemize and justify these benefits and challenges and discuss their practical relevance and application to ensuring adequate information assurance protection.

Benefits and Challenges in the Use of Case Studies for Security Requirements Engineering Methods

2012 ◽  
pp. 89-107 ◽  
Author(s):  
Nancy R. Mead
Keyword(s):  
Case Studies ◽  
Requirements Engineering ◽  
Information Assurance ◽  
Security Requirements ◽  
Quality Requirements ◽  
Research Education ◽  
Security Research ◽  
Security Requirements Engineering ◽  
Technology Transition ◽  
Student Projects

The premise of this paper is that pilot case studies in security requirements engineering provide both benefits and challenges to the underlying research, education, and technology transition effort. Over the past four years we have worked with seven development groups in five organizations in the process of refining and transitioning the Security Quality Requirements Engineering (SQUARE) and SQUARE-Lite methods into practice. These experiences have provided the opportunity to step back and assess the use of pilots in conjunction with student projects to support method refinement and technology transition. Although SQUARE and SQUARE-Lite are concerned with security requirements, the benefits and challenges that have been observed would apply to many security research and technology transition efforts. We itemize and justify these benefits and challenges and discuss their practical relevance and application to ensuring adequate information assurance protection.

Novel Methods of Incorporating Security Requirements Engineering into Software Engineering Courses and Curricula

2009 ◽  
pp. 98-113 ◽  
Author(s):  
Nancy R. Mead ◽  
Dan Shoemaker
Keyword(s):  
Software Engineering ◽  
Case Studies ◽  
Requirements Engineering ◽  
Security Requirements ◽  
Course Materials ◽  
Body Of Knowledge ◽  
Security Requirements Engineering ◽  
Relationship Of ◽  
The Relationship ◽  
Future Plans

This chapter describes methods of incorporating security requirements engineering into software engineering courses and curricula. The chapter discusses the importance of security requirements engineering and the relationship of security knowledge to general computing knowledge by comparing a security body of knowledge to standard computing curricula. Then security requirements is related to standard computing curricula and educational initiatives in security requirements engineering are described, with their results. An expanded discussion of the SQUARE method in security requirements engineering case studies is included, as well as future plans in the area. Future plans include the development and teaching of academic course materials in security requirements engineering, which will then be made available to educators. The authors hope that more educators will be motivated to teach security requirements engineering in their software engineering courses and to incorporate it in their curricula.

Threat and Risk-Driven Security Requirements Engineering

2012 ◽  
pp. 36-52
Author(s):  
Holger Schmidt
Keyword(s):  
Requirements Engineering ◽  
Security Requirements ◽  
Risk Models ◽  
Security Requirements Engineering ◽  
Strong Focus ◽  
Ict System

In this paper, the author aim to present a threat and risk-driven methodology to security requirements engineering. The chosen approach has a strong focus on gathering, modeling, and analyzing the environment in which a secure ICT-system to be built is located. The knowledge about the environment comprises threat and risk models. As presented in the paper, this security-relevant knowledge is used to assess the adequacy of security mechanisms, which are then selected to establish security requirements.

A Security Requirements Engineering Tool for Domain Engineering in Software Product Lines

2011 ◽  
pp. 73-92
Author(s):  
Jesús Rodríguez ◽  
Eduardo Fernández-Medina ◽  
Mario Piattini ◽  
Daniel Mellado
Keyword(s):  
Requirements Engineering ◽  
Software Product Lines ◽  
Product Line ◽  
Security Requirements ◽  
Engineering Process ◽  
Product Lines ◽  
Requirements Engineering Process ◽  
Security Requirements Engineering ◽  
Software Product ◽  
Automated Support

The concepts of Service-Oriented Architectures and Software Product Lines are currently being paid a considerable amount of attention, both in research and in practice. Both disciplines promise to make the development of flexible, cost-effective software systems possible and to support high levels of reuse, and may sometimes be complementary to each other. In both paradigms, security is a critical issue, although most of the existing product line practices do not comprise all the security requirements engineering activities or provide automated support through which to perform these activities, despite the fact that it is widely accepted that the application of any requirements engineering process or methodology is much more difficult without a CARE (Computer-Aided Requirements Engineering) tool, since it must be performed manually. Therefore, this chapter shall present a tool denominated as SREPPLineTool, which provides automated support through which to facilitate the application of the security quality requirements engineering process for software product lines, SREPPLine. SREPPLineTool simplifies the management of security requirements in product lines by providing us with a guided, systematic and intuitive manner in which to deal with them from the early stages of product line development, thus simplifying the management and the visualization of artefact variability and traceability links and the integration of security standards, along with the management of the security reference model proposed by SREPPLine.

Sign in / Sign up

Export Citation Format

Share Document