Security Requirements Elicitation and Modeling Authorizations

  • Conference paper
Security in Computing and Communications (SSCC 2016)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 625)

  • 800 Accesses

Abstract

Today security is almost inevitable for any software. To achieve this, the security requirements of the software ought to be efficiently modeled. However, existing modeling languages like the Unified Modeling Language have certain limitations when it comes to modeling non-functional requirements like security. Most software of the present era is hosted on the internet or in the cloud and involves heavy exchange of crucial information between great multitudes of users. Against this backdrop, security becomes an obvious prerequisite. This paper proposes a methodology to elicit security requirements from all concerned stakeholders, assess the security level required for every software asset, and present this security assessment through easy but effective diagrams.

Author information

Corresponding author

Correspondence to Rajat Goel.

Copyright information

© 2016 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Goel, R., Govil, M.C., Singh, G. (2016). Security Requirements Elicitation and Modeling Authorizations. In: Mueller, P., Thampi, S., Alam Bhuiyan, M., Ko, R., Doss, R., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2016. Communications in Computer and Information Science, vol 625. Springer, Singapore. https://doi.org/10.1007/978-981-10-2738-3_20

  • DOI: https://doi.org/10.1007/978-981-10-2738-3_20

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-2737-6

  • Online ISBN: 978-981-10-2738-3

  • eBook Packages: Computer Science (R0)
