Deakin University
Browse

File(s) under permanent embargo

Capturing security requirements using essential use cases (EUCs)

Version 2 2024-06-06, 11:44
Version 1 2016-03-01, 12:49
chapter
posted on 2024-06-06, 11:44 authored by S Yahya, M Kamalrudin, S Sidek, J Grundy
Capturing security requirements is a complex process, but it is crucial to the success of a secure software product. Hence, requirements engineers need to have security knowledge when eliciting and analyzing the security requirements from business requirements. However, the majority of requirements engineers lack such knowledge and skills, and they face difficulties to capture and understand many security terms and issues. This results in capturing inaccurate, inconsistent and incomplete security requirements that in turn may lead to insecure software systems. In this paper, we describe a new approach of capturing security requirements using an extended Essential Use Cases (EUCs) model. This approach enhances the process of capturing and analyzing security requirements to produce accurate and complete requirements. We have evaluated our prototype tool using usability testing and assessment of the quality of our generated EUC security patterns by security engineering experts. © Springer-Verlag Berlin Heidelberg 2014.

History

Chapter number

2

Pagination

16-30

Location

Auckland, New Zealand

Start date

2014-04-28

End date

2014-04-29

ISSN

1865-0929

ISBN-13

9783662436097

Language

eng

Publication classification

B Book chapter, B1.1 Book chapter

Copyright notice

2014, Springer

Extent

16

Editor/Contributor(s)

Zowghi D, Jin Z

Publisher

Springer

Place of publication

Berlin, Germany

Title of book

Requirements engineering : first Asia Pacific Requirements Engineering Symposium, APRES 2014, Auckland, New Zealand, April 28-29, 2014, proceedings