Abstract
With continuous evolution in software industry, security is becoming very important in software projects. However, in many development methodologies, security is thought to be added in the project at later stages of the development lifecycle. There are also many proposed methodologies where the security measures are considered at requirement engineering stage of the development lifecycle, but many of them still do not seem adequate for applicability due to the reason that these approaches do not provide sufficient support for mapping the security requirements to the later stages of development. So, we are in need of a software requirement engineering approach, which is not only helpful in security requirement specification at requirement engineering stage but also provides support for using the specified security requirements at later stages of development. To meet this requirement, we introduce a new method Secure and Traceable Requirement Engineering Process (STREP). This method also helps the non-security-expert requirement engineers to specify requirements in such a way that the specified requirements can be used to derive security related test cases. STREP method not only deals with security issues of the system at requirement engineering stage, but also makes the security requirements more traceable to be used at later stages of development lifecycle, and as a result, secure systems are produced that are also usable as the customer wishes.
Highlights
In a software development lifecycle, this requirements engineering is the first important and main stage
We introduce a new method Secure and Traceable Requirement Engineering Process (STREP)
STREP method deals with security issues of the system at requirement engineering stage, and makes the security requirements more traceable to be used at later stages of development lifecycle, and as a result, secure systems are produced that are usable as the customer wishes
Summary
In a software development lifecycle, this requirements engineering is the first important and main stage. Our major goal is to introduce a security specific requirement engineering process that is helpful at requirements specification stage and helpful at the stages of development lifecycle. In the development of security-sensitive system, secure requirements are used at all stages of development lifecycles, and there should be proper processes for specifying secure requirements at requirement engineering stage. A process STREP, Secure and Traceable Requirement Engineering Process, is being proposed with the intent to be helpful and Traceable at the later stages of the development lifecycle. The basic purposes of proposing the STREP method are: 1) To have a more efficient and user-friendly process for security requirement specification.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have