Scenario Weaving for Security Requirements Elicitation
نویسندگان
چکیده
In this paper the authors propose security requirements elicitation method by scenario weaving. When the stakeholders write the behaviors of a system in scenarios or use cases, they may not have concern on software security. We prepare scenario fragments based on security evaluation criteria and weave them into the scenarios. Then we elicit the advices of weaving. The advices express the condition of requirements sentences such as when they needed. The authors explain the process of security requirements elicitation on proposed scenario language and show simple example with common criteria, most popular security evaluation criteria.
منابع مشابه
Functional Requirements Under Security PresSuRE
Recently, there has been an increase of reported security incidents hitting large software systems. Such incidents can originate from different attackers exploiting vulnerabilities of different parts of a system. Hence, there is a need for enhancing security considerations in software development. It is crucial for requirements engineers to identify security threats early on, and to refine the ...
متن کاملProblem-Based Security Requirements Elicitation and Refinement with PresSuRE
Different reports on cybercrime, which were published recently, indicate an ever-increasing number of security incidents related to IT systems. Many attacks causing the incidents abuse (in)directly one or more security defects. Fixing the security defect once fielded is costly. To avoid the defects and the subsequent need to fix them, security has to be considered thoroughly when developing sof...
متن کاملSecure Requirements Elicitation Through Triggered Message Sequence Charts
This paper argues for performing information-flow-based security analysis in the first phase of the software development life cycle itself ie in the requirements elicitation phase. Message Sequence Charts (MSC)s have been widely accepted as a formal scenario-based visual notation for writing down requirements. In this paper, we discuss a method for checking if a TMSC (Triggered Message Sequence...
متن کاملAn Empirical Scenario for the Evaluation of Requirements Elicitation Tasks
While requirements elicitation has been established as a crucial phase of the systems development process, empirical research on the topic of requirements elicitation is sparse. In this paper we present a requirements elicitation scenario that can be used by researchers to evaluate different methods of eliciting a set of requirements. This scenario consists of an elicitation tasks, a system fea...
متن کاملWeb-based Collaborative Security Requirements Elicitation
This empirical study aims at evaluating a structured but informal security requirements engineering method supported by a collaborative Web-based tool. The method allows stakeholders to contribute to the risk analysis and security requirements of elicitation of a software or system in a structured manner that allows traceability between vulnerabilities and mitigations. The tool’s collaborative ...
متن کامل