Capturing Security Requirements Using Essential Use Cases (EUCs)

UNSPECIFIED (2014) Capturing Security Requirements Using Essential Use Cases (EUCs). In: UNSPECIFIED, (ed.) Communications in Computer and Information Science, Requirements Engineering,. Springer Verlag.

[img]
Preview
PDF
chp-3A10.1007-2F978-3-662-43610-3_2.pdf

Download (1MB)

Abstract

Capturing security requirements is a complex process, but it is crucial to the success of a secure software product. Hence, requirements engineers need to have security knowledge when eliciting and analyzing the security requirements from business requirements. However, the majority of requirements engineers lack such knowledge and skills, and they face difficulties to capture and understand many security terms and issues. This results in capturing inaccurate, inconsistent and incomplete security requirements that in turn may lead to insecure software systems. In this paper, we describe a new approach of capturing security requirements using an extended Essential Use Cases (EUCs) model. This approach enhances the process of capturing and analyzing security requirements to produce accurate and complete requirements. We have evaluated our prototype tool using usability testing and assessment of the quality of our generated EUC security patterns by security engineering experts.

Item Type: Book Chapter
Subjects: Q Science > QA Mathematics > QA76 Computer software
Divisions: Faculty of Information and Communication Technology > Department of Software Engineeering
Depositing User: Dr Massila Kamalrudin
Date Deposited: 11 Nov 2014 22:18
Last Modified: 28 May 2015 04:33
URI: http://eprints.utem.edu.my/id/eprint/13712
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item