A model based security requirements engineering framework applied for online trading system

Abstract

Security engineering is a new research area in software engineering that covers the definition of processes, plans and designs for security. The researchers are working in this area and however there is a lack in security requirements treatment in this field. Requirements engineering is a major action that begins during the communication activity and continues into the modeling activity. Requirements engineering builds a bridge to design and construction. The security requirements is one of the non functional requirements which acts as constrains on the functions of the system, but our view is that security requirements to be considered as functional requirements and to be analyzed during the earlier phase of software development i.e. Requirements engineering phase. An increasing part of the communication and sharing of information in our society utilizes electronic media. IT security is becoming central to the ability to fulfil business goals, build trustworthy systems, and protect assets. In order to develop systems with adequate security features, it is essential to capture the corresponding security needs and requirements. It is called as the Security requirements engineering, which is emerging as a branch of software engineering, spurred by the realization that security must be dealt with early during requirements phase. In this paper we have proposed a framework for Security Requirements engineering and applied on online trading system. Online trading systems form a critical part of the securities and capital markets today. By using security requirements engineering framework we are able to develop a secure online trading system. The results obtained using Proposed Security Requirements Engineering Framework is simple and better than the Haley and His Colleagues Framework.