Article Details

Copyright Statement: This is an open access article licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, even commercially as long as the original work is properly cited.

Analysis of Security Requirements Engineering: Towards a Comprehensive Approach

Author 1: Ilham Maskani
Author 2: Jaouad Boutahar
Author 3: Souhaïl El Ghazi El Houssaïni

Download PDF

Digital Object Identifier (DOI) : 10.14569/IJACSA.2016.071106

Article Published in International Journal of Advanced Computer Science and Applications(IJACSA), Volume 7 Issue 11, 2016.

Abstract: Software’s security depends greatly on how a system was designed, so it’s very important to capture security requirements at the requirements engineering phase. Previous research proposes different approaches, but each is looking at the same problem from a different perspective such as the user, the threat, or the goal perspective. This creates huge gaps between them in terms of the used terminology and the steps followed to obtain security requirements. This research aims to define an approach as comprehensive as possible, incorporating the strengths and best practices found in existing approaches, and filling the gaps between them. To achieve that, relevant literature reviews were studied and primary approaches were compared to find their common and divergent traits. To guarantee comprehensiveness, a documented comparison process was followed. The outline of our approach was derived from this comparison. As a result, it reconciles different perspectives to security requirements engineering by including: the identification of stakeholders, assets and goals, and tracing them later to the elicited requirements, performing risk assessment in conformity with standards and performing requirements validation. It also includes the use of modeling artifacts to describe threats, risks or requirements, and defines a common terminology.

Keywords: Security requirements; Requirements engineering; Security standards; Comparison; Risk assessment

Ilham Maskani, Jaouad Boutahar and Souhaïl El Ghazi El Houssaïni, “Analysis of Security Requirements Engineering: Towards a Comprehensive Approach” International Journal of Advanced Computer Science and Applications(IJACSA), 7(11), 2016. http://dx.doi.org/10.14569/IJACSA.2016.071106

@article{Maskani2016,
title = {Analysis of Security Requirements Engineering: Towards a Comprehensive Approach},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2016.071106},
url = {http://dx.doi.org/10.14569/IJACSA.2016.071106},
year = {2016},
publisher = {The Science and Information Organization},
volume = {7},
number = {11},
author = {Ilham Maskani and Jaouad Boutahar and Souhaïl El Ghazi El Houssaïni}
}

IJACSA

Upcoming Conferences

IntelliSys 2021

2-3 September 2021

Future Technologies Conference (FTC) 2021

28-29 October 2021

Future of Information and Communication Conference (FICC) 2022

3-4 March 2022

Computing Conference 2022

14-15 July 2022