Skip to main content
SpringerLink
Log in
Book cover

Asia Pacific Requirements Engeneering Conference

APRES 2017: Requirements Engineering for Internet of Things pp 73–86Cite as

A Template for Writing Security Requirements

  • Conference paper
  • First Online:

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 809))

Abstract

Quality security requirements contribute to the success of secure software development. However, the process of eliciting and writing security requirements is tedious and complex, It requires Requirements Engineers (RE) to have security experience in the process of eliciting consistent security requirements from the clients-stakeholders. Considering the requirements are derived from natural language, RE faced problems in eliciting and writing security requirements as they have the tendency to misunderstand the real needs and the security terms used. Motivated from these problems, this paper proposed a security requirements library and template to assist RE in writing security requirements. The library was built based on compilation of security attributes derived from syntax analysis and keywords matching. The realization of the library and writing template was demonstrated using two sets of scenario taken from real projects. The usage examples show that the template is able to help the RE to write security requirements by providing the relevant and suitable sentence structure as guidance.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. El-Hadary, H., El-Kassas, S.: Capturing security requirements for software systems. J. Adv. Res. 5(4), 463–472 (2014)

    Article  Google Scholar 

  2. Zhivich, M., Cunningham, R.K.: The real cost of software errors. IEEE Secur. Priv. 2(2), 87–90 (2009)

    Article  Google Scholar 

  3. Salini, P., Kanmani, S.: Survey and analysis on security requirements engineering. Comput. Electr. Eng. 38, 1785–1797 (2012)

    Article  Google Scholar 

  4. Riaz, M., King, J., Slankas, J., Williams, L.: Hidden in plain sight: automatically identifying security requirements from natural language artifacts. In: IEEE 22nd International Requirements Engineering Conference, RE 2014, pp. 183–192 (2014)

    Google Scholar 

  5. Yu, E.S.K.: Towards modelling and reasoning support for early-phase requirements engineering. In: IEEE 3rd International Symposium on Requirements Engineering, ISRE 1997, pp. 226–235 (1997)

    Google Scholar 

  6. Mellado, D., Blanco, C., Sánchez, L.E., Fernández-Medina, E.: A systematic review of security requirements engineering. Comput. Stand. Interfaces 32, 153–165 (2010)

    Article  Google Scholar 

  7. Houmb, S.H., Islam, S., Knauss, E., Jürjens, J., Schneider, K.: Eliciting security requirements and tracing them to design: an integration of common criteria, heuristics, and UMLsec. Requir. Eng. 15(1), 63–93 (2010).

    Article  Google Scholar 

  8. Banerjee, A., Sharma, M., Banerjee, C., Pandey, S.K.: Research on security requirements engineering: problems and prospects. MATRIX Acad. Int. Online J. Eng. Technol. 3(1), 32–35 (2015)

    Google Scholar 

  9. Firesmith, D.G.: Engineering security requirements. J. Object Technol. 2(1), 53–68 (2003)

    Article  Google Scholar 

  10. Jindal, R., Malhotra, R., Jain, A.: Automated classification of security requirements. In: International Conference on Advances in Computing, Communications and Informatics (ICACCI 2016), pp. 2027–2033 (2016)

    Google Scholar 

  11. Haley, C.B., Laney, R., Moffett, J.D., Nuseibeh, B.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Softw. Eng. 34(1), 133–153 (2008)

    Article  Google Scholar 

  12. CCRA: Common Criteria for Information Technology Security Evaluation (Part 2: Security Functional Components) (2017)

    Google Scholar 

  13. CCRA: Common Criteria for Information Technology Security Evaluation (Part 1: Introduction and General Model) (2017)

    Google Scholar 

  14. ISO/IEC: International Standard ISO/IEC 27000 (Information Technology — Security Techniques — Information Security Management Systems — Overview and Vocabulary) (2016)

    Google Scholar 

  15. Kamalrudin, M., Grundy, J., Hosking, J.: Tool support for essential use cases to better capture software requirements. In: ACM the International Conference on Automated Software Engineering, ASE 2010, pp. 255–264 (2010)

    Google Scholar 

  16. Chua, F.-F., Ngazizan, S.A., Hassan, M.: Design and implementation of airline reservation web services using service-oriented architecture. In: World Congress on Engineering 2010 (2010)

    Google Scholar 

  17. S.C.P. (SCP): EHR Functional Requirements (2009). https://nyehealth.org/wp-content/uploads/2012/07/Version_2_2_EHR_Functional_Requirements-16_Nov_09.pdf. Accessed 30 Aug 2017

  18. Riaz, M., Stallings, J., Singh, M.P., Slankas, J., Williams, L.: DIGS – a framework for discovering goals for security requirements engineering. In: ACM International Symposium on Empirical Software Engineering and Measurement (ESEM 2016) (2016)

    Google Scholar 

  19. Riaz, M., Elder, S., Williams, L.: Systematically developing prevention, detection, and response patterns for security requirements. In: The 3rd International Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE) (2016)

    Google Scholar 

  20. Riaz, M., Slankas, J., King, J., Williams, L.: Using templates to elicit implied security requirements from functional requirements - a controlled experiment. In: ACM the 8th International Symposium on Empirical Software Engineering and Measurement, ESEM 2014, p. 22 (2014)

    Google Scholar 

  21. Motil, A., Hamid, B., Lanusse, A., Bruel, J.-M., Motii, A., Hamid, B., Lanusse, A., Jean-Michel, B.: Guiding the selection of security patterns based on security requirements and pattern classification. In: ACM the 20th European Conference on Pattern Languages of Programs, EuroPLoP 2015, pp. 10:1–10:17 (2015)

    Google Scholar 

  22. Beckers, K., Côté, I., Goeke, L.: A catalog of security requirements patterns for the domain of cloud computing systems. In: ACM the 29th Symposium on Applied Computing, pp. 337–342 (2014)

    Google Scholar 

  23. Yahya, S., Kamalrudin, M., Sidek, S., Grundy, J.: Capturing security requirements using Essential Use Cases (EUCs). In: Zowghi, D., Jin, Z. (eds.) Requirements Engineering. CCIS, vol. 432, pp. 16–30. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43610-3_2

    Chapter  Google Scholar 

  24. Yusop, N., Kamalrudin, M., Sidek, S., Grundy, J.: Automated support to capture and validate security requirements for Mobile Apps. Commun. Comput. Inf. Sci. 671, 97–112 (2016)

    Google Scholar 

  25. Salini, P., Kanmani, S.: Elicitation of security requirements for e-health system by applying Model Oriented Security Requirements Engineering (MOSRE) framework. In: ACM the Second International Conference on Computational Science, Engineering and Information Technology, CCSEIT 2012, pp. 126–131 (2012)

    Google Scholar 

Download references

Acknowledgment

I would like to thank UTeM and MoE for the funding research: FRGS/1/2015/ICT01/FTMK/02/F00291.

Author information

Authors and Affiliations

  1. Innovative Software System and Service Group (IS3), Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100, Durian Tunggal, Melaka, Malaysia

    Massila Kamalrudin & Safiah Sidek

  2. Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100, Durian Tunggal, Melaka, Malaysia

    Nuridawati Mustafa

Authors
  1. Massila Kamalrudin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nuridawati Mustafa
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Safiah Sidek
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nuridawati Mustafa .

Editor information

Editors and Affiliations

  1. Universiti Teknikal Malaysia Melaka, Melaka, Malaysia

    Massila Kamalrudin

  2. Universiti Teknikal Malaysia Melaka, Melaka, Malaysia

    Sabrina Ahmad

  3. Riphah International University, Islamabad, Pakistan

    Naveed Ikram

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kamalrudin, M., Mustafa, N., Sidek, S. (2018). A Template for Writing Security Requirements. In: Kamalrudin, M., Ahmad, S., Ikram, N. (eds) Requirements Engineering for Internet of Things. APRES 2017. Communications in Computer and Information Science, vol 809. Springer, Singapore. https://doi.org/10.1007/978-981-10-7796-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-981-10-7796-8_6

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-7795-1

  • Online ISBN: 978-981-10-7796-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation