Future of Information and Communication Conference (FICC) 2024
4-5 April 2024
Publication Links
IJACSA
Special Issues
Future of Information and Communication Conference (FICC)
Computing Conference
Intelligent Systems Conference (IntelliSys)
Future Technologies Conference (FTC)
International Journal of Advanced Computer Science and Applications(IJACSA), Volume 7 Issue 11, 2016.
Abstract: Software’s security depends greatly on how a system was designed, so it’s very important to capture security requirements at the requirements engineering phase. Previous research proposes different approaches, but each is looking at the same problem from a different perspective such as the user, the threat, or the goal perspective. This creates huge gaps between them in terms of the used terminology and the steps followed to obtain security requirements. This research aims to define an approach as comprehensive as possible, incorporating the strengths and best practices found in existing approaches, and filling the gaps between them. To achieve that, relevant literature reviews were studied and primary approaches were compared to find their common and divergent traits. To guarantee comprehensiveness, a documented comparison process was followed. The outline of our approach was derived from this comparison. As a result, it reconciles different perspectives to security requirements engineering by including: the identification of stakeholders, assets and goals, and tracing them later to the elicited requirements, performing risk assessment in conformity with standards and performing requirements validation. It also includes the use of modeling artifacts to describe threats, risks or requirements, and defines a common terminology.
Ilham Maskani, Jaouad Boutahar and Souhaïl El Ghazi El Houssaïni, “Analysis of Security Requirements Engineering: Towards a Comprehensive Approach” International Journal of Advanced Computer Science and Applications(IJACSA), 7(11), 2016. http://dx.doi.org/10.14569/IJACSA.2016.071106
@article{Maskani2016,
title = {Analysis of Security Requirements Engineering: Towards a Comprehensive Approach},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2016.071106},
url = {http://dx.doi.org/10.14569/IJACSA.2016.071106},
year = {2016},
publisher = {The Science and Information Organization},
volume = {7},
number = {11},
author = {Ilham Maskani and Jaouad Boutahar and Souhaïl El Ghazi El Houssaïni}
}
Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.