Difficult on Addressing Security: A Security Requirement Framework

  • Conference paper
International Conference on Intelligent and Smart Computing in Data Analytics

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1312)

Abstract

For any security update, software must be secure, and its security can be analyzed at the early requirements stage. All security analysis is a prejudiced approach that follows certain rules and defined laws. Models and policies make the software worthwhile. However, in today's scenario, there is still a deficiency in security requirements. It has been observed that, to capture security requirements, business goals that help protect assets from threats must be fulfilled. The reality is that any security violation is caused openly by vulnerable software. A scrupulous review has been carried out, as there are many approaches consisting of policies, rules, or guidelines for a secure requirement phase. Therefore, it is desirable to develop a prescriptive framework that addresses security at the requirement phase. A chronological security requirement framework is presented that helps security experts analyze security and mitigate threats at the requirement phase.

Author information

Corresponding author

Correspondence to Nikhat Parveen.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Parveen, N., Khaliq, M. (2021). Difficult on Addressing Security: A Security Requirement Framework. In: Bhattacharyya, S., Nayak, J., Prakash, K.B., Naik, B., Abraham, A. (eds) International Conference on Intelligent and Smart Computing in Data Analytics. Advances in Intelligent Systems and Computing, vol 1312. Springer, Singapore. https://doi.org/10.1007/978-981-33-6176-8_18
