Evaluating the effectiveness of the security quality requirements engineering (SQUARE) method: a case study using smart grid advanced metering infrastructure

Abstract

This paper presents an evaluation of the security quality requirements engineering (SQUARE) method. The evaluation of SQUARE was conducted by its application on the advanced metering infrastructure of smart grid as a case study. We evaluated the effectiveness of SQUARE with respect to its ability to elicit a set of artifacts, threats, and vulnerabilities; to perform likelihood, impact analysis, and risk level determination; and to elicit, categorize, and prioritize the security requirements. The main contribution of this work is the evaluation of the effectiveness of SQUARE using qualitative security requirements engineering method evaluation criteria.