A Template-Based Approach To Write Complete Security Requirements For Software Development Environment
Writing quality security requirements contributes to the success of secure software development. It has been a common practice to include security requirements in a software system after the system is defined. Thus, incorporating security requirements at a later stage of software development will in...
Main Author: | Mustafa, Nuridawati |
---|---|
Format: | Thesis |
Language: | English |
Published: | 2020 |
Subjects: | Q Science (General) QA76 Computer software |
Online Access: | http://eprints.utem.edu.my/id/eprint/25165/1/A%20Template-Based%20Approach%20To%20Write%20Complete%20Security%20Requirements%20For%20Software%20Development%20Environment%20-%20cdr%2021403.pdf http://eprints.utem.edu.my/id/eprint/25165/2/A%20Template-Based%20Approach%20To%20Write%20Complete%20Security%20Requirements%20For%20Software%20Development%20Environment.pdf http://eprints.utem.edu.my/id/eprint/25165/ https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=118433 |
id |
my.utem.eprints.25165 |
---|---|
record_format |
eprints |
spelling |
my.utem.eprints.25165 2021-10-05T10:37:59Z http://eprints.utem.edu.my/id/eprint/25165/ A Template-Based Approach To Write Complete Security Requirements For Software Development Environment Mustafa, Nuridawati Q Science (General) QA76 Computer software Writing quality security requirements contributes to the success of secure software development. It has been a common practice to include security requirements in a software system after the system is defined. Thus, incorporating security requirements at a later stage of software development will increase the risks of security vulnerabilities in software development. However, the process of writing security requirements is tedious and complex. There are a few gaps found in the existing works, categorized into method-related and people-related issues. The method-related issues include the lack of checking of security requirements completeness, security requirements templates, security standards used as reference and an automated tool for validation. Meanwhile, the people-related issues consist of inexperienced requirements engineers, minimal involvement of the technical team in defining security requirements and language barriers. Motivated by these gaps, the main objective of this study is to propose a template-based approach to write complete security requirements. This study proposes a new template-based approach to assist requirements engineers and client-stakeholders in writing complete security requirements. For this, we integrate the template-based approach with security requirements density using probability ratio, syntax-based density using lexical density and security requirements completeness prioritization using numerical assignment. We also developed two new pattern libraries, SecLib and SRCLib, to validate the syntax and the completeness of security requirements. Additionally, an automated support tool called SecureMEReq was also developed to realize the approach.
Finally, a comprehensive evaluation of the approach, comprising a comparison study between the manual approach and the automated tool as well as a usability test, was conducted. In summary, the findings of the evaluations show that our approach can contribute to the body of knowledge of requirements engineering, especially in enhancing the completeness of writing security requirements. It is found that the approach is able to enhance the completeness level of security requirements compared to the manual approach and produce a complete generation of security requirements. The results of the usability tests show that the approach is useful and helpful in eliciting complete security requirements of software development and is able to ease the security requirements elicitation process. 2020 Thesis NonPeerReviewed text en http://eprints.utem.edu.my/id/eprint/25165/1/A%20Template-Based%20Approach%20To%20Write%20Complete%20Security%20Requirements%20For%20Software%20Development%20Environment%20-%20cdr%2021403.pdf text en http://eprints.utem.edu.my/id/eprint/25165/2/A%20Template-Based%20Approach%20To%20Write%20Complete%20Security%20Requirements%20For%20Software%20Development%20Environment.pdf Mustafa, Nuridawati (2020) A Template-Based Approach To Write Complete Security Requirements For Software Development Environment. Doctoral thesis, Universiti Teknikal Malaysia Melaka. https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=118433 |
institution |
Universiti Teknikal Malaysia Melaka |
building |
UTEM Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Teknikal Malaysia Melaka |
content_source |
UTEM Institutional Repository |
url_provider |
http://eprints.utem.edu.my/ |
language |
English |
topic |
Q Science (General) QA76 Computer software |
format |
Thesis |
author |
Mustafa, Nuridawati |
title |
A Template-Based Approach To Write Complete Security Requirements For Software Development Environment |
publishDate |
2020 |