Security Requirements Engineering: A Framework for Representation and Analysis

Haley, Charles B.; Laney, Robin; Moffett, Jonathan; Nuseibeh, Bashar

doi:10.1109/tse.2007.70754

Cited by 353 publications

(280 citation statements)

References 53 publications

Supporting

Mentioning

278

Contrasting

Order By: Relevance

“…In line with existing literature [6,36,37], we define security requirements as constraints on specific functions of a system. Towards this end, security requirements are represented, in Secure Tropos, as Security Constraints.…”

Section: Secure Troposmentioning

confidence: 99%

Selecting Security Mechanisms in Secure Tropos

Pavlidis

Mouratidis

Panaousis

et al. 2017

Trust, Privacy and Security in Digital Business

View full text Add to dashboard Cite

Abstract. As security is a growing concern for modern information systems, Security Requirements Engineering has been developed as a very active area of research. A large body of work deals with elicitation, modelling, analysis, and reasoning about security requirements. However, there is little evidence of efforts to align security requirements with security mechanisms. This paper extends the Secure Tropos methodology to enable a clear alignment, between security requirements and security mechanisms, and a reasoning technique to optimise the selection of security mechanisms based on these security requirements and a set of other factors. The extending Secure Tropos supports modelling and analysis of security mechanisms; defines mathematically relevant modelling concepts to support a formal analysis; and defines and solves an optimisation problem to derive optimal sets of security mechanisms. We demonstrate the applicability of our work with the aid of a case study from the health care domain.

show abstract

Section: Secure Troposmentioning

confidence: 99%

Selecting Security Mechanisms in Secure Tropos

Pavlidis

Mouratidis

Panaousis

et al. 2017

Trust, Privacy and Security in Digital Business

View full text Add to dashboard Cite

show abstract

“…Security requirements can also be defined as a system specification with required security that includes specifications with the types and levels of protection necessary for the data, information, and application of the system [3].…”

Section: Of Studymentioning

confidence: 99%

“…These instances justify the need for an automation that can help to elicit security requirements and attributes, especially for the novice. To overcome this issue, Haley et al [3] has presented an approach to support security requirements elicitation and analysis. They used a method to construct a system context using a problem-oriented notation.…”

Section: (Figure 2) Security Requirements and Its Related Security Atmentioning

confidence: 99%

Meeting Real Challenges in Eliciting Security Attributes for Mobile Application Development

Yusop¹,

Kamalrudin²,

Yusof³

et al. 2016

Journal of Internet Computing and Services

View full text Add to dashboard Cite

There has been a rapid growth in the development of mobile application resulting from its wide usage for online transaction, data storage and exchange of information. However, an important issue that has been overlooked is the lack of emphasis on the security issues at the early stage of the development. In fact, security issues have been kept until the later stage of the implementation of mobile apps. Requirements engineers frequently ignore and incorrectly elicit security-related requirements at the early stage of mobile application development. This scenario has led to the failure of developing secure and safe mobile application based on the needs of the users. As such, this paper intends to provide further understanding of the real challenges in extracting security attributes for mobile application faced by novice requirements engineers. For this purpose, two experiments on eliciting security attributes requirements of textual requirements scenario were conducted. The performance related to the correctness and time taken to elicit the security attributes were measured and recorded. It was found that the process of eliciting correct security attributes for mobile application requires effort, knowledge and skills. The findings indicate that an automated tool for correct elicitation security attributes requirement could help to overcome the challenges in eliciting security attributes requirements, especially among novice requirements engineers.☞ keyword : Security requirement, security attribute, mobile application development

show abstract

“…Haley et al [8], have used Toulmin's argument structure to recursively represent the rebuttals and mitigations when reasoning about the satisfaction of security requirements. In their approach, security requirements are expressed as claims, and are supported by grounds and warrants.…”

Section: Problem Frames and Security Argumentsmentioning

confidence: 99%

Privacy arguments: Analysing selective disclosure requirements for mobile applications

Tun

Bandara

Price

et al. 2012

2012 20th IEEE International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

Abstract-Privacy requirements for mobile applications offer a distinct set of challenges for requirements engineering. First, they are highly dynamic, changing over time and locations, and across the different roles of agents involved and the kinds of information that may be disclosed. Second, although some general privacy requirements can be elicited a priori, users often refine them at runtime as they interact with the system and its environment. Selectively disclosing information to appropriate agents is therefore a key privacy management challenge, requiring carefully formulated privacy requirements amenable to systematic reasoning. In this paper, we introduce privacy arguments as a means of analysing privacy requirements in general and selective disclosure requirements (that are both content-and context-sensitive) in particular. Privacy arguments allow individual users to express personal preferences, which are then used to reason about privacy for each user under different contexts. At runtime, these arguments provide a way to reason about requirements satisfaction and diagnosis. Our proposed approach is demonstrated and evaluated using the privacy requirements of BuddyTracker, a mobile application we developed as part of our overall research programme.

show abstract

Security Requirements Engineering: A Framework for Representation and Analysis

Cited by 353 publications

References 53 publications

Selecting Security Mechanisms in Secure Tropos

Selecting Security Mechanisms in Secure Tropos

Meeting Real Challenges in Eliciting Security Attributes for Mobile Application Development

Privacy arguments: Analysing selective disclosure requirements for mobile applications

Contact Info

Product

Resources

About