A comparison of security requirements engineering methods

Authors:
Benjamin Fabian;Seda Gürses;Maritta Heisel;Thomas Santen;Holger Schmidt
Affiliations:
Humboldt-Universität zu Berlin, Institute of Information Systems, Berlin, Germany;ESAT/COSIC, K.U. Leuven, Leuven-Heverlee, Belgium;University of Duisburg-Essen, Software Engineering, Duisburg, Germany;European Microsoft Innovation Center, Aachen, Germany;University of Duisburg-Essen, Software Engineering, Duisburg, Germany
Venue:
Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
Year:
2010

Citing 0
Cited 12

Systematic development of UMLsec design models based on security requirements

FASE'11/ETAPS'11 Proceedings of the 14th international conference on Fundamental approaches to software engineering: part of the joint European conferences on theory and practice of software
A product lifecycle management methodology for supporting knowledge reuse in the consumer packaged goods domain

Computer-Aided Design
Supporting the development and documentation of ISO 27001 information security management systems through security requirements engineering approaches

ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Value-based argumentation for justifying compliance

Artificial Intelligence and Law - Special issue on Deontic Logic and Normative Systems
Elicitation of Security requirements for E-Health system by applying Model Oriented Security Requirements Engineering (MOSRE) Framework

Proceedings of the Second International Conference on Computational Science, Engineering and Information Technology
Security and reliability requirements for advanced security event management

MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Engineering access control policies for provenance-aware systems

Proceedings of the third ACM conference on Data and application security and privacy
Threat and Risk-Driven Security Requirements Engineering

International Journal of Mobile Computing and Multimedia Communications
Comparing risk identification techniques for safety and security requirements

Journal of Systems and Software
Common criteria compliant software development (CC-CASD)

Proceedings of the 28th Annual ACM Symposium on Applied Computing
Value-based argumentation for designing and auditing security measures

Ethics and Information Technology
Secure Tropos framework for software product lines requirements engineering

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a conceptual framework for security engineering, with a strong focus on security requirements elicitation and analysis. This conceptual framework establishes a clear-cut vocabulary and makes explicit the interrelations between the different concepts and notions used in security engineering. Further, we apply our conceptual framework to compare and evaluate current security requirements engineering approaches, such as the Common Criteria, Secure Tropos, SREP, MSRA, as well as methods based on UML and problem frames. We review these methods and assess them according to different criteria, such as the general approach and scope of the method, its validation, and quality assurance capabilities. Finally, we discuss how these methods are related to the conceptual framework and to one another.