Capturing Security Requirements Using Essential Use Cases (EUCs)
Capturing security requirements is a complex process, but it is crucial to the success of a secure software product. Hence, requirements engineers need to have security knowledge when eliciting and analyzing the security requirements from business requirements. However, the majority of requiremen...
Saved in:
| Format: | Book Chapter |
|---|---|
| Language: | en |
| Published: |
Springer Verlag
2014
|
| Subjects: | |
| Online Access: | http://eprints.utem.edu.my/id/eprint/13712/1/chp-3A10.1007-2F978-3-662-43610-3_2.pdf http://eprints.utem.edu.my/id/eprint/13712/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Capturing security requirements is a complex process, but it is crucial
to the success of a secure software product. Hence, requirements engineers need
to have security knowledge when eliciting and analyzing the security requirements
from business requirements. However, the majority of requirements engineers
lack such knowledge and skills, and they face difficulties to capture and
understand many security terms and issues. This results in capturing inaccurate,
inconsistent and incomplete security requirements that in turn may lead to insecure software systems. In this paper, we describe a new approach of capturing security requirements using an extended Essential Use Cases (EUCs) model. This approach enhances the process of capturing and analyzing security requirements to produce accurate and complete requirements. We have evaluated our prototype tool using usability testing and assessment of the quality of our generated EUC security patterns by security engineering experts. |
|---|