Abstract
Today, security is all but indispensable for any software. To achieve it, the security requirements of the software must be modeled efficiently. However, existing modeling languages such as the Unified Modeling Language have certain limitations when it comes to modeling non-functional requirements like security. Most present-day software is hosted on the internet or in the cloud and involves heavy exchange of crucial information among large numbers of users. Against this backdrop, security becomes an obvious prerequisite. This paper proposes a methodology to elicit security requirements from all concerned stakeholders, assess the security level required for every software asset, and present this security assessment through simple but effective diagrams.
© 2016 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Goel, R., Govil, M.C., Singh, G. (2016). Security Requirements Elicitation and Modeling Authorizations. In: Mueller, P., Thampi, S., Alam Bhuiyan, M., Ko, R., Doss, R., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2016. Communications in Computer and Information Science, vol 625. Springer, Singapore. https://doi.org/10.1007/978-981-10-2738-3_20
DOI: https://doi.org/10.1007/978-981-10-2738-3_20
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-2737-6
Online ISBN: 978-981-10-2738-3
eBook Packages: Computer Science (R0)