Similar literature
 Found 20 similar documents; search took 15 ms
1.
One of the most important aspects in the achievement of secure software systems in the software development process is what is known as Security Requirements Engineering. However, very few reviews focus on this theme in a systematic, thorough and unbiased manner, that is, none of them perform a systematic review of security requirements engineering, and there is not, therefore, a sufficiently good context in which to operate. In this paper we carry out a systematic review of the existing literature concerning security requirements engineering in order to summarize the evidence regarding this issue and to provide a framework/background in which to appropriately position new research activities.

2.
A comparison of security requirements engineering methods   (total citations: 1, self-citations: 2, citations by others: 1)
This paper presents a conceptual framework for security engineering, with a strong focus on security requirements elicitation and analysis. This conceptual framework establishes a clear-cut vocabulary and makes explicit the interrelations between the different concepts and notions used in security engineering. Further, we apply our conceptual framework to compare and evaluate current security requirements engineering approaches, such as the Common Criteria, Secure Tropos, SREP, MSRA, as well as methods based on UML and problem frames. We review these methods and assess them according to different criteria, such as the general approach and scope of the method, its validation, and quality assurance capabilities. Finally, we discuss how these methods are related to the conceptual framework and to one another.

3.
Experiential learning approach for requirements engineering education   (total citations: 1, self-citations: 0, citations by others: 1)
The use of requirements engineering (RE) in industry is hampered by a poor understanding of its practices and their benefits. Teaching RE at the university level is therefore an important endeavor. Shortly before students become engineers and enter the workforce, this education could ideally be provided as an integrated part of developing the requisite business skills for understanding RE. Because much social wisdom is packed into RE methods, it is unrealistic to expect students with little organizational experience to understand and appreciate this body of knowledge; hence, the necessity of an experiential approach. The course described in this paper uses an active, affective, experiential pedagogy giving students the opportunity to experience a simulated work environment that demonstrates the social/design–problem complexities and richness of a development organization in the throes of creating a new product. Emotional and technical debriefing is conducted after each meaningful experience so that students and faculty alike can better understand the professional relevancies of what they have just experienced. This includes an examination of the many forces encountered in industrial settings but not normally discussed in academic settings. The course uses a low-tech social simulation, rather than software simulation, so that students learn through interaction with real people, and are therefore confronted with the complexity of true social relationships.

4.
Security is a concern that must be taken into consideration starting from the early stages of system development. Over the last two decades, researchers and engineers have developed a considerable number of methods for security requirements engineering. Some of them rely on the (re)use of security knowledge. Despite some existing surveys about security requirements engineering, there is not yet any reference for researchers and practitioners that presents in a systematic way the existing proposals, techniques, and tools related to security knowledge reuse in security requirements engineering. The aim of this paper is to fill this gap by looking into drawing a picture of the literature on knowledge and reuse in security requirements engineering. The questions we address are related to methods, techniques, modeling frameworks, and tools for and by reuse in security requirements engineering. We address these questions through a systematic mapping study. The mapping study was a literature review conducted with the goal of identifying, analyzing, and categorizing state-of-the-art research on our topic. This mapping study analyzes more than thirty approaches, covering 20 years of research in security requirements engineering. The contributions can be summarized as follows: (1) A framework was defined for analyzing and comparing the different proposals as well as categorizing future contributions related to knowledge reuse and security requirements engineering; (2) the different forms of knowledge representation and reuse were identified; and (3) previous surveys were updated. We conclude that most methods should introduce more reusable knowledge to manage security requirements.

5.
Software systems are becoming more and more critical in every domain of human society. These systems are used not only by corporates and governments, but also by individuals and across networks of organizations. The wide use of software systems has resulted in the need to contain a large amount of critical information and processes, which certainly need to remain secure. As a consequence, it is important to ensure that the systems are secure by considering security requirements at the early phases of software development life cycle. In this paper, we propose to consider security requirements as functional requirements and apply model-oriented security requirements engineering framework as a systematic solution to elicit security requirements for e-governance software systems. As the result, high level of security can be achieved by more coverage of assets and threats, and identifying more traces of vulnerabilities in the early stages of requirements engineering. This in turn will help to elicit effective security requirements as countermeasures with business requirements.

6.
7.
The past decade has witnessed the emergence of a new scientific discipline––computational social and organizational science. Within organization science in particular, and social science more generally, scientists and practitioners are turning to computational analysis to address fundamental socio-technical problems that are so complex and dynamic that they cannot be fully addressed by traditional techniques. Consequently, there is an explosion of computational models, computationally generated findings, interest in doing simulation, and a dearth of support for this enterprise. This paper contains discussions of the underlying fundamental perspective, the relation of models to empirical data and characteristics of necessary infrastructure.

8.
Interest in the security of information systems has increased partly because of evolving systems maturity, and partly in response to dramatic intrusions into major systems. These have included intrusions by amateur ‘hackers’ which, although embarrassing, have caused no substantial damage. Intrusions from employees are far more damaging but have not been widely publicized. The paper describes the US government's security policy and its implications for private organizations. A security policy is basic to the concept of security and defines the manner in which an information system can access and manipulate data. Protection mechanisms which enforce security policies are discussed. Mandatory and discretionary policies which form a particular security policy are outlined. The characteristics of a formal security model are also defined, and the design of a secure operating system is discussed. The present status of information systems security is outlined.

9.
Many security breaches occur because of exploitation of vulnerabilities within the system. Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a methodological framework for security requirements elicitation and analysis centered on vulnerabilities. The framework offers modeling and analysis facilities to assist system designers in analyzing vulnerabilities and their effects on the system; identifying potential attackers and analyzing their behavior for compromising the system; and identifying and analyzing the countermeasures to protect the system. The framework proposes a qualitative goal model evaluation analysis for assessing the risks of vulnerabilities exploitation and analyzing the impact of countermeasures on such risks.

10.

Stakeholder participation is a key success factor of Requirements Engineering (RE). Typically, the techniques used for identifying and involving stakeholders in RE assume that stakeholders can be identified among the members of the organizations involved when a software system is ordered, developed or maintained—and that these stakeholders can be told or even mandated to contribute. However, these assumptions no longer hold for many of today’s software systems where significant stakeholders (in particular, end-users and people affected by a system) are outside organizational reach: They are neither known nor can they easily be identified in the involved organizations nor can they be told to participate in RE activities. We have developed the GARUSO approach to address this problem. It uses a strategy for identifying stakeholders outside organizational reach and a social media platform that applies gamification for motivating these stakeholders to participate in RE activities. In this article, we describe the GARUSO approach and report on its empirical evaluation. We found that the identification strategy attracted a crowd of stakeholders outside organizational reach to the GARUSO platform and motivated them to participate voluntarily in collaborative RE activities. From our findings, we derived a first set of design principles on how to involve stakeholders outside organizational reach in RE. Our work expands the body of knowledge on crowd RE regarding stakeholders outside organizational reach.


11.
Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose them to implement minimal precautionary security measures. Several IT solutions (e.g., Privacy Enhancing Technologies, Access Control Infrastructure, etc.) have been proposed to address security and privacy issues. However, understanding why, and when such solutions have to be adopted is often unanswered because the answer comes only from a broader perspective, accounting for legal and organizational issues. Security engineers and legal experts should analyze the business goals of a company and its organizational structure and derive from there the points where security and privacy problems may arise and which solutions best fit such (legal) problems. The paper investigates the methodological support for capturing security and privacy requirements of a concrete health care provider.
Nicola Zannone (Corresponding author)

12.
In order to develop security critical Information Systems, specifying security quality requirements is vitally important, although it is a very difficult task. Fortunately, there are several security standards, like the Common Criteria (ISO/IEC 15408), which help us handle security requirements. This article will present a Common Criteria centred and reuse-based process that deals with security requirements at the early stages of software development in a systematic and intuitive way, by providing a security resources repository as well as integrating the Common Criteria into the software lifecycle, so that it unifies the concepts of requirements engineering and security engineering.

13.
Traditional approaches to requirements elicitation stress systematic and rational analysis and representation of organizational context and system requirements. This paper argues that the introduction of any computer-based system to an organization transforms the organization and changes the work patterns of the system's users in the organization. These changes interact with the users' values and beliefs and trigger emotional responses which are sometimes directed against the computer-based system and its proponents. The paper debunks myths about how smoothly such organizational transformations take place, describes case studies showing how organizational transformation really takes place, and introduces and confirms by case studies some guidelines for eliciting requirements and the relevant emotional issues for a computer-based system that is being introduced into an organization to change its work patterns.

14.
Supporting scenario-based requirements engineering   (total citations: 1, self-citations: 0, citations by others: 1)
Scenarios have been advocated as a means of improving requirements engineering yet few methods or tools exist to support scenario based RE. The paper reports a method and software assistant tool for scenario based RE that integrates with use case approaches to object oriented development. The method and operation of the tool are illustrated with a financial system case study. Scenarios are used to represent paths of possible behavior through a use case, and these are investigated to elaborate requirements. The method commences by acquisition and modeling of a use case. The use case is then compared with a library of abstract models that represent different application classes. Each model is associated with a set of generic requirements for its class, hence, by identifying the class(es) to which the use case belongs, generic requirements can be reused. Scenario paths are automatically generated from use cases, then exception types are applied to normal event sequences to suggest possible abnormal events resulting from human error. Generic requirements are also attached to exceptions to suggest possible ways of dealing with human error and other types of system failure. Scenarios are validated by rule based frames which detect problematic event patterns. The tool suggests appropriate generic requirements to deal with the problems encountered. The paper concludes with a review of related work and a discussion of the prospects for scenario based RE methods and tools.

15.
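A discussion of requirements engineering   (total citations: 2, self-citations: 0, citations by others: 2)
Wang Da (王达). Software (《软件》), 2011, 32(5): 67-70
Software engineering is divided into several phases, including requirements, design, implementation, and testing; the requirements phase is the start of a project and the cornerstone of its success. In software engineering, requirements analysis refers to all the work needed to describe the purpose, scope, definition, and functions of the new system when building a new computer system or changing an existing one. Requirements analysis is a key process in software engineering. In this process, system analysts and software engineers determine the customer's needs. Only after these needs have been determined can they analyze and seek solutions for the new system. For a long time in the history of software engineering, requirements analysis was considered the simplest step in the whole of software engineering, but over the past ten years more and more people have come to recognize it as the most critical process of all. If the analysts fail to correctly recognize the customer's needs during requirements analysis, the final software cannot actually meet those needs, or the software cannot be completed within the specified time.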

16.
17.
Nowadays, Grid has become a leading technology in distributed computing. Grid poses a seamless sharing of heterogeneous computational resources belonging to different domains and conducts efficient collaborations between Grid users. The core Grid functionality defines computational services which allocate computational resources and execute applications submitted by Grid users. The vast models of collaborations and openness of Grid system require a secure, scalable, flexible and expressive authorization model to protect these computational services and Grid resources. Most of the existing authorization models for Grid have granularity to manage access to service invocations while behavioral monitoring of applications executed by these services remains a responsibility of a resource provider. The resource provider executes an application under a local account, and acknowledges all permissions granted to this account to the application. Such approach poses serious security threats to breach system functionality since applications submitted by users could be malicious. We propose a flexible and expressive policy-driven credential-based authorization system to protect Grid computational services against a malicious behavior of applications submitted for the execution. We split an authorization process into two levels: a coarse-grained level that manages access to a computational service; and a fine-grained level that monitors the behavior of applications executed by the computational service. Our framework guarantees that users authorized on a coarse-grained level behave as expected on the fine-grained level. Credentials obtained on the coarse-grained level reflect on fine-grained access decisions. The framework defines trust negotiations on coarse-grained level to overcome scalability problem, and preserves privacy of credentials and security policies of both Grid users and providers.
Our authorization system was implemented to control access to the Globus Computational GRAM service. A comprehensive performance evaluation shows the practical scope of the proposed system.
Paolo Mori

18.
Integrating security throughout the life cycle can improve overall Web application security. With a detailed review of the steps involved in applying security-specific activities throughout the software development life cycle, the author walks practitioners through effective, efficient application design, development, and testing. With this article, the author shares a way to improve Web application security by integrating security throughout the life cycle. The ideas he presents here are based on empirical evidence from consulting with hundreds of customers - real-world scenarios with real project constraints and security concerns - across a variety of scenarios and putting into practice the security techniques that the experts know. The result is an approach that has evolved and refined itself over time.

19.
Using trust assumptions with security requirements   (total citations: 1, self-citations: 1, citations by others: 0)
Assumptions are frequently made during requirements analysis of a system about the trustworthiness of its various components (including human components). These trust assumptions, whether implicit or explicit, affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the secure electronic transaction specification.
Charles B. Haley (Corresponding author)
Robin C. Laney
Jonathan D. Moffett
Bashar Nuseibeh

20.