Capturing security requirements using essential use cases (EUCs)
Version 2 2024-06-06, 11:44
Version 1 2016-03-01, 12:49
chapter
posted on 2024-06-06, 11:44 authored by S Yahya, M Kamalrudin, S Sidek, J Grundy

Capturing security requirements is a complex process, but it is crucial to the success of a secure software product. Hence, requirements engineers need to have security knowledge when eliciting and analyzing the security requirements from business requirements. However, the majority of requirements engineers lack such knowledge and skills, and they face difficulties in capturing and understanding many security terms and issues. This results in capturing inaccurate, inconsistent and incomplete security requirements that in turn may lead to insecure software systems. In this paper, we describe a new approach of capturing security requirements using an extended Essential Use Cases (EUCs) model. This approach enhances the process of capturing and analyzing security requirements to produce accurate and complete requirements. We have evaluated our prototype tool using usability testing and assessment of the quality of our generated EUC security patterns by security engineering experts. © Springer-Verlag Berlin Heidelberg 2014.
Chapter number: 2
Pagination: 16-30
Location: Auckland, New Zealand
Start date: 2014-04-28
End date: 2014-04-29
ISSN: 1865-0929
ISBN-13: 9783662436097
Language: eng
Publication classification: B Book chapter, B1.1 Book chapter
Copyright notice: 2014, Springer
Extent: 16
Editor/Contributor(s): Zowghi D, Jin Z
Publisher: Springer
Place of publication: Berlin, Germany
Title of book: Requirements engineering : first Asia Pacific Requirements Engineering Symposium, APRES 2014, Auckland, New Zealand, April 28-29, 2014, proceedings