
Model Oriented Security Requirements Engineering (MOSRE) Framework for Web Applications

  • Conference paper
Advances in Computing and Information Technology

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 177))

Abstract

In recent years, tasks such as Security Requirements Elicitation, Specification of Security Requirements, and Security Requirements Validation are essential to assure the quality of the resulting software. An increasing part of the communication and sharing of information in our society utilizes Web Applications. The last two years have seen a significant surge in the number of Web Application-specific vulnerabilities disclosed to the public, because the importance of Security Requirements Engineering for Web-based systems is still underestimated. Therefore, a thorough Security Requirements analysis is even more relevant. In this paper, we propose a Model Oriented Security Requirements Engineering (MOSRE) framework for Web Applications and apply it to an E-Voting system. By applying modeling technologies to the requirements phases, the security requirements and domain knowledge can be captured in a well-defined model, which is better than the traditional process.



Corresponding author

Correspondence to P. Salini.


© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Salini, P., Kanmani, S. (2013). Model Oriented Security Requirements Engineering (MOSRE) Framework for Web Applications. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds) Advances in Computing and Information Technology. Advances in Intelligent Systems and Computing, vol 177. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31552-7_36


  • DOI: https://doi.org/10.1007/978-3-642-31552-7_36

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31551-0

  • Online ISBN: 978-3-642-31552-7

  • eBook Packages: Engineering, Engineering (R0)
