Supporting Requirements Engineers in Recognising Security Issues

Islam, Shareeful (2011) ‘Supporting Requirements Engineers in Recognising Security Issues’, in Lecture Notes in Computer Science. Requirements Engineering: Foundation for Software Quality 17th International Working Conference, REFSQ 2011. Essen, Germany, 28-30 March 2011. Springer, pp. 4-18.

6.pdf - Accepted Version
Available under License Creative Commons Attribution No Derivatives.



Context & motivation: More and more software projects today are security-related in one way or the other. Many environments are initially not considered security-related and no security experts are assigned. Requirements engineers often fail to recognise indicators for security problems. Question/problem: Ignoring security issues early in a project is a major source of recurring security problems in practice. Identifying security-relevant requirements is labour-intensive and error-prone. Security may be neglected in order to finish on time and in budget. Principal ideas/results: In this paper, we address this problem by presenting a tool-supported method that provides assistance for requirements engineering, with an emphasis on security requirements. We investigate whether security-relevant requirements can be automatically identified with help of a Bayesian classifier. Our results indicate that this is feasible, in particular if the classifier is trained with domain specific data and documents from previous projects. Contribution: We show how the ability to identify security-relevant requirements can be integrated in a workflow of requirements analysis and reuse of experience. In practice, this can increase security awareness within the software development process. We discuss limitations and potential of this approach.

Item Type: Book Section
Additional Information: Citation: Knauss, E., Houmb, S.H., Schneider, K., Islam, S. and Jurjens, J. (2011), 'Supporting Requirements Engineers in Recognising Security Issues' Lecture Notes in Computer Science, 6606, pp.4-18 [Requirements Engineering: Foundation for Software Quality 17th International Working Conference, REFSQ 2011, Essen, Germany, March 28-30, 2011. Proceedings].
Divisions: Schools > Architecture Computing and Engineering, School of
Depositing User: Mr Stephen Grace
Date Deposited: 04 May 2012 15:44
Last Modified: 12 Oct 2012 14:02
