Model Oriented Security Requirements Engineering (MOSRE) Framework for Web Applications

Salini, P.; Kanmani, S.

doi:10.1007/978-3-642-31552-7_36

Cited by 16 publications

(20 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security requirements are then documented in a Security Requirements Specification Document which will be refined in subsequent iterations of the SREP process. In the MOSRE process proposed in [21], UMLsec and SecureUML [22] are suggested for security based modeling of the functional requirements. UML based models have not been considered in our aim to model requirements.…”

Section: Uml Basedmentioning

confidence: 99%

Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts

Maskani¹,

Boutahar²,

Houssaïni³

2017

IJAIS

View full text Add to dashboard Cite

In Security Requirements Engineering, many approaches offer different ways to model security requirements. This paper presents a model that can be used in conjunction with any of the former approaches. The model is an extension of SysML requirements diagrams that adds concepts from Security Requirements Engineering: Stakeholder, Goal, Asset and Risk. The proposed model is illustrated by applying it to a telemedicine system.

show abstract

Section: Uml Basedmentioning

confidence: 99%

Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts

Maskani¹,

Boutahar²,

Houssaïni³

2017

IJAIS

View full text Add to dashboard Cite

show abstract

“…Different techniques can be used to identify the assets like interview, questionnaires or brainstorming. Assets can be categorized under the preferences of low, medium and high-level confidentiality, integrity and availability [13]. In our scenario, we do not assume to categorize the assets in terms of references.…”

Section: Assetsmentioning

confidence: 99%

“…These techniques help in overcoming communication issues between stakeholders from different backgrounds. Other than these some of elicitation techniques are interviewing, brainstorming, sketching and storyboarding, use case modeling and questionnaires and checklist [13].…”

Section: Select Elicitation Techniquementioning

confidence: 99%

See 1 more Smart Citation

A Goal based Framework by adopting SQUARE Process for Privacy and Security Requirement Engineering

Hayat¹,

Shakoor²,

Mubarak³

et al. 2017

IJCA

View full text Add to dashboard Cite

Identifying, categorizing and prioritizing requirements in terms of privacy and security is the main concern for software developers. Privacy requirement gathering is remain the challenge for software engineers for distributed and complex software. Privacy and security requirement engineering is important step in building these software systems. For this different privacy requirement engineering approaches has been proposed such as security quality requirement engineering (SQUARE) which provide a step for elicitation of requirements in terms of privacy. The purpose of this paper is to support the requirement engineers by modifying the SQUARE approach by providing a process of analysis and evaluate the goal based assets with a framework to identify security goals in accordance to the privacy and security requirements both.

show abstract

“…3) MOSRE: The aim of the Model Oriented Security Requirements Engineering approach [9] is the use of models (App's use cases, misuse cases, …) to make the traceability and analysis of requirements easier. It's tailored for web applications.…”

Section: ) Kaos Anti-modelsmentioning

confidence: 99%

Analysis of Security Requirements Engineering: Towards a Comprehensive Approach

Maskani¹,

Boutahar²,

Houssaïni³

2016

ijacsa

View full text Add to dashboard Cite

Abstract-Software's security depends greatly on how a system was designed, so it's very important to capture security requirements at the requirements engineering phase. Previous research proposes different approaches, but each is looking at the same problem from a different perspective such as the user, the threat, or the goal perspective. This creates huge gaps between them in terms of the used terminology and the steps followed to obtain security requirements. This research aims to define an approach as comprehensive as possible, incorporating the strengths and best practices found in existing approaches, and filling the gaps between them. To achieve that, relevant literature reviews were studied and primary approaches were compared to find their common and divergent traits.To guarantee comprehensiveness, a documented comparison process was followed. The outline of our approach was derived from this comparison. As a result, it reconciles different perspectives to security requirements engineering by including: the identification of stakeholders, assets and goals, and tracing them later to the elicited requirements, performing risk assessment in conformity with standards and performing requirements validation. It also includes the use of modeling artifacts to describe threats, risks or requirements, and defines a common terminology.

show abstract

Model Oriented Security Requirements Engineering (MOSRE) Framework for Web Applications

Cited by 16 publications

References 9 publications

Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts

Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts

A Goal based Framework by adopting SQUARE Process for Privacy and Security Requirement Engineering

Analysis of Security Requirements Engineering: Towards a Comprehensive Approach

Contact Info

Product

Resources

About