Analysis of Security Requirements Engineering: Towards a Comprehensive Approach

Maskani, Ilham; Boutahar, Jaouad; Houssaïni, Souhaïl El Ghazi El

doi:10.14569/ijacsa.2016.071106

Cited by 5 publications

(2 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The goal of this paper is to make such a quantitative evaluation by developing two versions of the same web application, with and without using an SRE approach and evaluating their levels of security. The SRE approach that will be used is CompaSRE, a proprietary approach detailed in previous work [2]. For evaluation purposes, there's a plethora of testing methods and tools that could be used.…”

Section: Introductionmentioning

confidence: 99%

Experimental Evaluation of Security Requirements Engineering Benefits

Boutahar¹,

Maskani²,

El³

2018

ijacsa

Self Cite

View full text Add to dashboard Cite

Security Requirements Engineering (SRE) approaches are designed to improve information system security by thinking about security requirements at the beginning of the software development lifecycle. This paper is a quantitative evaluation of the benefits of applying such an SRE approach. The followed methodology was to develop two versions of the same web application, with and without using SRE, then comparing the level of security in each version by running different test tools. The subsequent results clearly support the benefits of the early use of SRE with a 38% security improvement in the secure version of the application. This security benefit reaches 67% for high severity vulnerabilities, leaving only non-critical and easy-tofix vulnerabilities.

show abstract

Section: Introductionmentioning

confidence: 99%

Experimental Evaluation of Security Requirements Engineering Benefits

Boutahar¹,

Maskani²,

El³

2018

ijacsa

Self Cite

View full text Add to dashboard Cite

show abstract

“…In previous work [1], we did a thorough analysis of existing security requirements engineering approaches. We proposed the outline for a comprehensive approach (hereafter referred to as CompASRE), incorporating the strengths and best practices found in existing approaches, and filling the gaps between them.…”

Section: Introductionmentioning

confidence: 99%

Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts

Maskani¹,

Boutahar²,

Houssaïni³

2017

IJAIS

Self Cite

View full text Add to dashboard Cite

In Security Requirements Engineering, many approaches offer different ways to model security requirements. This paper presents a model that can be used in conjunction with any of the former approaches. The model is an extension of SysML requirements diagrams that adds concepts from Security Requirements Engineering: Stakeholder, Goal, Asset and Risk. The proposed model is illustrated by applying it to a telemedicine system.

show abstract