DOI: 10.14569/IJACSA.2016.071106

Analysis of Security Requirements Engineering: Towards a Comprehensive Approach

Author 1: Ilham Maskani
Author 2: Jaouad Boutahar
Author 3: Souhaïl El Ghazi El Houssaïni

International Journal of Advanced Computer Science and Applications(IJACSA), Volume 7 Issue 11, 2016.

Abstract: Software’s security depends greatly on how a system was designed, so it’s very important to capture security requirements at the requirements engineering phase. Previous research proposes different approaches, but each is looking at the same problem from a different perspective such as the user, the threat, or the goal perspective. This creates huge gaps between them in terms of the used terminology and the steps followed to obtain security requirements. This research aims to define an approach as comprehensive as possible, incorporating the strengths and best practices found in existing approaches, and filling the gaps between them. To achieve that, relevant literature reviews were studied and primary approaches were compared to find their common and divergent traits. To guarantee comprehensiveness, a documented comparison process was followed. The outline of our approach was derived from this comparison. As a result, it reconciles different perspectives to security requirements engineering by including: the identification of stakeholders, assets and goals, and tracing them later to the elicited requirements, performing risk assessment in conformity with standards and performing requirements validation. It also includes the use of modeling artifacts to describe threats, risks or requirements, and defines a common terminology.

Keywords: Security requirements; Requirements engineering; Security standards; Comparison; Risk assessment

Ilham Maskani, Jaouad Boutahar and Souhaïl El Ghazi El Houssaïni, “Analysis of Security Requirements Engineering: Towards a Comprehensive Approach” International Journal of Advanced Computer Science and Applications(IJACSA), 7(11), 2016. http://dx.doi.org/10.14569/IJACSA.2016.071106

@article{Maskani2016,
title = {Analysis of Security Requirements Engineering: Towards a Comprehensive Approach},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2016.071106},
url = {http://dx.doi.org/10.14569/IJACSA.2016.071106},
year = {2016},
publisher = {The Science and Information Organization},
volume = {7},
number = {11},
author = {Ilham Maskani and Jaouad Boutahar and Souhaïl El Ghazi El Houssaïni}
}


Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

IJACSA

Upcoming Conferences

IntelliSys 2025

28-29 August 2025

Future Technologies Conference 2025

6-7 November 2025

Healthcare Conference 2026

21-22 May 2026

Computing Conference 2026

9-10 July 2026

IntelliSys 2026

3-4 September 2026

Computer Vision Conference 2026

15-16 October 2026