INTERNATIONAL RESEARCH JOURNAL OF SCIENCE ENGINEERING AND TECHNOLOGY

(Online ISSN 2454-3195) New DOI: 10.32804/RJSET

Impact Factor* - 6.2311



REVISITING REQUIREMENT ELICITATION PROCESS: A SECURITY PERSPECTIVE

5 Author(s): VIRENDRA SINGH, DHIRENDRA PANDEY, MOHD WARIS KHAN, MANISH JOSHI, MOHD FAIZAN

Vol. 9, Issue 1, Page(s): 46-54 (2019), DOI: https://doi.org/10.32804/RJSET

Abstract

There are myriad security elicitation techniques available in the literature, but their industrial implementation is inadequate. Security requirement elicitation is an important aspect of requirement engineering which assists the system analyst in making sure that the security requirements are unambiguous, complete and consistent. Security is an instinctive property of the program that is missing today in most applications. Organizations need to improve their existing application development lifecycle to incorporate software security measures. Security requirement elicitation techniques can help in the completion of a project within the given schedule, cost and budget, and according to the desired security functionality. Further, this paper explores the various security requirement elicitation needs, challenges and techniques that may be helpful for security practitioners.

