How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods
Author
Abstract
1 Background: The Importance of Requirements Engineering
1.1 Security Requirements Issues
1.1.1 The Problem of Negative Requirements
2 Methods and Practices
2.1 Overview of the SQUARE Process
2.1.1 How to Apply SQUARE
2.2 The Comprehensive, Lightweight Application Security Process
2.3 Core Security Requirements Artifacts
2.4 Security Requirements Engineering Process
2.5 Security Patterns
2.6 Tropos
2.7 Use of Attack Trees for Modeling and Analysis
2.8 Misuse and Abuse Cases
2.9 Formal Methods
2.9.1 Software Cost Reduction
2.9.2 Common Criteria
3 Comparing Methods
4 Conclusions and Trends in Security Requirements Engineering
Sources and Funding
Similar resources
An Evaluation of A-SQUARE for COTS Acquisition
Developed by the Software Engineering Institute (SEI) at Carnegie Mellon University, Software Quality Requirements Engineering for Acquisition (A-SQUARE) is a methodology used for eliciting and prioritizing security requirements as part of the acquisition process. In the project described in this paper, we evaluated the effectiveness of the A-SQUARE method by applying it to a COTS product for t...
Integrating privacy requirements considerations into a security requirements engineering method and tool
In this paper we examine a method for identifying privacy requirements within the context of a security requirements engineering method. We briefly describe the security quality requirements engineering (SQUARE) methodology. Next we discuss our definition of privacy and the associated privacy concerns. We discuss the challenges of privacy requirements engineering and the need for incorporating ...
Combining Privacy and Security Risk Assessment in Security Quality Requirements Engineering
Security risk assessment identifies the threats to systems, while privacy risk assessment identifies data sensitivities in systems. The Security Quality Requirements Engineering (SQUARE) method is used to identify software security issues in the early stages of the development lifecycle. We propose combining the existing security risk assessment techniques in SQUARE with the Privacy Impact Asse...
Benefits and Challenges in the Use of Case Studies for Security Requirements Engineering Methods
The premise of this paper is that pilot case studies in security requirements engineering provide both benefits and challenges to the underlying research, education, and technology transition effort. Over the past four years we have worked with seven development groups in five organizations in the process of refining and transitioning the Security Quality Requirements Engineering (SQUARE) and S...
An Evaluation of Cost-Benefit Using Security Requirements Prioritization
This article describes a comparison of six security requirements prioritization methods: analytical hierarchy process (AHP), accelerated requirements method (ARM) prioritization, priority poker, cost-benefit model, security investment decision dashboard (SIDD), and COCOMO-II security extensions. OVERVIEW When building complex systems, stakeholders must often prioritize requirements as part of t...