A systematic review of security requirements engineering

Authors:
Daniel Mellado;Carlos Blanco;Luis E. Sánchez;Eduardo Fernández-Medina
Affiliations:
Spanish Tax Agency. Madrid, Spain;Department of Information Technologies and Systems. University of Castilla-La Mancha. Alarcos Research Group. Paseo de la Universidad, 4. Ciudad Real, Spain;SICAMAN Nuevas Tecnologías. Tomelloso, Ciudad Real, Spain;Department of Information Technologies and Systems. University of Castilla-La Mancha. Alarcos Research Group. Paseo de la Universidad, 4. Ciudad Real, Spain
Venue:
Computer Standards & Interfaces
Year:
2010

Citing 35
Cited 7

Developing an enterprise information security policy

SIGUCCS '02 Proceedings of the 30th annual ACM SIGUCCS conference on User services
UMLsec: Extending UML for Secure Systems Development

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Model driven security for process-oriented systems

Proceedings of the eighth ACM symposium on Access control models and technologies
Using Abuse Case Models for Security Requirements Analysis

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Towards Modeling and Reasoning Support for Early-Phase Requirements Engineering

RE '97 Proceedings of the 3rd IEEE International Symposium on Requirements Engineering
A CC-based Security Engineering Process Evaluation Model

COMPSAC '03 Proceedings of the 27th Annual International Conference on Computer Software and Applications
Security-Critical System Development with Extended Use Cases

APSEC '03 Proceedings of the Tenth Asia-Pacific Software Engineering Conference Software Engineering Conference
Tropos: An Agent-Oriented Software Development Methodology

Autonomous Agents and Multi-Agent Systems
Eliciting security requirements with misuse cases

Requirements Engineering
Engineering safety-related requirements for software-intensive systems

Proceedings of the 27th international conference on Software engineering
Building security requirements with CLASP

SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Security quality requirements engineering (SQUARE) methodology

SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
Towards an Ontology-based Security Management

AINA '06 Proceedings of the 20th International Conference on Advanced Information Networking and Applications - Volume 01
Security Requirements Engineering for Software Systems: Case Studies in Support of Software Engineering Education

CSEET '06 Proceedings of the 19th Conference on Software Engineering Education & Training
Building problem domain ontology from security requirements in regulatory documents

Proceedings of the 2006 international workshop on Software engineering for secure systems
Goal and scenario based domain requirements analysis environment

Journal of Systems and Software - Special issue: Selected papers from the 11th Asia Pacific software engineering conference (APSEC 2004)
A common criteria based security requirements engineering process for the development of secure information systems

Computer Standards & Interfaces
Lessons from applying the systematic literature review process within the software engineering domain

Journal of Systems and Software
Intrusion detection aware component-based systems: A specification-based framework

Journal of Systems and Software
Software requirements and architecture modeling for evolving non-secure applications into secure applications

Science of Computer Programming
Model-Based Security Engineering of Distributed Information Systems Using UMLsec

ICSE '07 Proceedings of the 29th international conference on Software Engineering
Engineering Safety and Security Related Requirements for Software Intensive Systems

ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Security Requirements Engineering: A Framework for Representation and Analysis

IEEE Transactions on Software Engineering
Executable misuse cases for modeling security concerns

Proceedings of the 30th international conference on Software engineering
Security Requirement Engineering at a Telecom Provider

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
ISEDS: An Information Security Engineering Database System Based on ISO Standards

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Towards security requirements management for software product lines: A security domain requirements engineering process

Computer Standards & Interfaces
Eliciting Security Requirements through Misuse Activities

DEXA '08 Proceedings of the 2008 19th International Conference on Database and Expert Systems Application
Experimental comparison of attack trees and misuse cases for security threat identification

Information and Software Technology
How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns

Artificial Intelligence and Law
Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation

Computer Standards & Interfaces
Automated analysis of permission-based security using UMLsec

FASE'08/ETAPS'08 Proceedings of the Theory and practice of software, 11th international conference on Fundamental approaches to software engineering
A security requirement management database based on ISO/IEC 15408

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III
A comparative study of proposals for establishing security requirements for the development of secure information systems

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III

Security requirements engineering framework for software product lines

Information and Software Technology
Secure business process model specification through a UML 2.0 activity diagram profile

Decision Support Systems
Security and reliability requirements for advanced security event management

MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
A comparative study of risk assessment methods, MEHARI & CRAMM with a new formal model of risk assessment (FoMRA) in information systems

CISIM'12 Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management
Mapping study about usability requirements elicitation

CAiSE'13 Proceedings of the 25th international conference on Advanced Information Systems Engineering
Effective data warehouse for information delivery: a literature survey and classification

International Journal of Networking and Virtual Organisations
Secure Tropos framework for software product lines requirements engineering

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

One of the most important aspects in the achievement of secure software systems in the software development process is what is known as Security Requirements Engineering. However, very few reviews focus on this theme in a systematic, thorough and unbiased manner, that is, none of them perform a systematic review of security requirements engineering, and there is not, therefore, a sufficiently good context in which to operate. In this paper we carry out a systematic review of the existing literature concerning security requirements engineering in order to summarize the evidence regarding this issue and to provide a framework/background in which to appropriately position new research activities.