Security quality requirements engineering (SQUARE) methodology

Authors:
Nancy R. Mead;Ted Stehney
Affiliations:
Software Engineering Institute, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA
Venue:
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Year:
2005

Citing 0
Cited 12

Investigation of IS professionals' intention to practise secure development of applications

International Journal of Human-Computer Studies
A common criteria based security requirements engineering process for the development of secure information systems

Computer Standards & Interfaces
Refining and reasoning about nonfunctional requirements

Proceedings of the 47th Annual Southeast Regional Conference
A systematic review of security requirements engineering

Computer Standards & Interfaces
Teaching Security Requirements Engineering Using SQUARE

REET '09 Proceedings of the 2009 Fourth International Workshop on Requirements Engineering Education and Training
Using allopoietic agents in replicated software to respond to errors, faults, and attacks

Proceedings of the 48th Annual Southeast Regional Conference
A framework for ensuring security in ubiquitous computing environment based on security engineering approach

KES'06 Proceedings of the 10th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part I
A framework for specifying and managing security requirements in collaborative systems

ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Engineering self-protection for autonomous systems

FASE'06 Proceedings of the 9th international conference on Fundamental Approaches to Software Engineering
Software quality trade-offs: A systematic map

Information and Software Technology
How to select a security requirements method? a comparative study with students and practitioners

NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
A framework to support selection of cloud providers based on security and privacy requirements

Journal of Systems and Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

Requirements engineering, a vital component in successful project development, often neglects sufficient attention to security concerns. Further, industry lacks a useful model for incorporating security requirements into project development. Studies show that upfront attention to security saves the economy billions of dollars. Industry is thus in need of a model to examine security and quality requirements in the development stages of the production lifecycle.In this paper, we examine a methodology for both eliciting and prioritizing security requirements on a development project within an organization. We present a model developed by the Software Engineering Institute's Networked Systems Survivability (NSS) Program, and then examine two case studies where the model was applied to a client system. The NSS Program continues to develop this useful model, which has proven effective in helping an organization understand its security posture.