Ilham Maskani scite author profile

Abstract-Software's security depends greatly on how a system was designed, so it's very important to capture security requirements at the requirements engineering phase. Previous research proposes different approaches, but each is looking at the same problem from a different perspective such as the user, the threat, or the goal perspective. This creates huge gaps between them in terms of the used terminology and the steps followed to obtain security requirements. This research aims to define an approach as comprehensive as possible, incorporating the strengths and best practices found in existing approaches, and filling the gaps between them. To achieve that, relevant literature reviews were studied and primary approaches were compared to find their common and divergent traits.To guarantee comprehensiveness, a documented comparison process was followed. The outline of our approach was derived from this comparison. As a result, it reconciles different perspectives to security requirements engineering by including: the identification of stakeholders, assets and goals, and tracing them later to the elicited requirements, performing risk assessment in conformity with standards and performing requirements validation. It also includes the use of modeling artifacts to describe threats, risks or requirements, and defines a common terminology.

show abstract

Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts

Maskani¹,

Boutahar²,

Houssaïni³

2017

IJAIS

View full text Add to dashboard Cite

In Security Requirements Engineering, many approaches offer different ways to model security requirements. This paper presents a model that can be used in conjunction with any of the former approaches. The model is an extension of SysML requirements diagrams that adds concepts from Security Requirements Engineering: Stakeholder, Goal, Asset and Risk. The proposed model is illustrated by applying it to a telemedicine system.

show abstract

A Security Requirement Engineering Case Study: Challenges and Lessons Learned

Houssaïni

Maskani

Boutahar

2021

View full text Add to dashboard Cite

Experimental Evaluation of Security Requirements Engineering Benefits

Boutahar¹,

Maskani²,

El³

2018

ijacsa

View full text Add to dashboard Cite

Security Requirements Engineering (SRE) approaches are designed to improve information system security by thinking about security requirements at the beginning of the software development lifecycle. This paper is a quantitative evaluation of the benefits of applying such an SRE approach. The followed methodology was to develop two versions of the same web application, with and without using SRE, then comparing the level of security in each version by running different test tools. The subsequent results clearly support the benefits of the early use of SRE with a 38% security improvement in the secure version of the application. This security benefit reaches 67% for high severity vulnerabilities, leaving only non-critical and easy-tofix vulnerabilities.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Ilham Maskani

Modeling telemedicine security requirements using a SysML security extension

Analysis of Security Requirements Engineering: Towards a Comprehensive Approach

Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts

A Security Requirement Engineering Case Study: Challenges and Lessons Learned

Experimental Evaluation of Security Requirements Engineering Benefits

Contact Info

Product

Resources

About