Empirical Validation of Security Methods
Authors
Abstract
Security requirements engineering is an important part of many software projects. Practitioners consider security requirements from the early stages of the software development process, but most of them do not use any formal method for security requirements engineering. According to a recent survey, only about 9% of security practitioners implement a formal process for the elicitation and analysis of security requirements and risks. A number of methods have recently been proposed in academia to support practitioners in collecting and analysing security requirements. Unfortunately, these methods are not widely adopted in practice because there is a lack of empirical evidence that they work. Only a few papers in requirements engineering offer solid empirical evidence of the efficiency of the proposed solutions. So how can we know that security methods work in practice? In this paper we propose to conduct a series of empirical studies to build a basis that a) will provide security practitioners with guidelines for the selection of security requirements methods, and b) will help method designers understand how to improve their methods.
Similar resources
Validation and application of empirical shear wave velocity models based on standard penetration test
Shear wave velocity is a basic engineering tool required to define dynamic properties of soils. In many instances it may be preferable to determine Vs indirectly by common in-situ tests, such as the Standard Penetration Test. Many empirical correlations based on the Standard Penetration Test are broadly classified as regression techniques. However, no rigorous procedure has been published for c...
A First Empirical Evaluation Framework for Security Risk Assessment Methods in the ATM Domain
Evaluation and validation methodologies are integral parts of Air Traffic Management (ATM). They are well understood for safety, environmental and other business cases for which operational validation guidelines exist which are well defined and widely used. In contrast, there are no accepted methods to evaluate and compare the effectiveness of risk assessment practices for security. The EMFASE ...
Detection of perturbed quantization (PQ) steganography based on empirical matrix
Perturbed Quantization (PQ) steganography scheme is almost undetectable with the current steganalysis methods. We present a new steganalysis method for detection of this data hiding algorithm. We show that the PQ method distorts the dependencies of DCT coefficient values; especially changes much lower than significant bit planes. For steganalysis of PQ, we propose features extraction from the e...
Defining a Security-Oriented Evolution Scenario for the CoCoME
Information systems are subject to continuous change. In order to conduct empirical research on methods for software evolution, CoCoME was developed as a community-driven case study system. It is, however, not suitable for the validation of security-related approaches, as neither security nor privacy have been addressed in any evolution scenario. We elicited 53 security requirements coming from...
Operative assessment of predicted generalization errors on non-stationary distributions in data-intensive applications
Data-intensive applications use empirical methods to extract consistent information from huge samples. When applied to classification tasks, their aim is to optimize accuracy on unseen data hence a reliable prediction of the generalization error is of paramount importance. Theoretical models, such as Statistical Learning Theory, and empirical estimations, such as cross-validation, can both fit ...