Islam, Shareeful (2011) ‘Supporting Requirements Engineers in Recognising Security Issues’, in Lecture Notes in Computer Science. Requirements Engineering: Foundation for Software Quality 17th International Working Conference, REFSQ 2011. Essen, Germany, 28-30 March 2011. Springer, pp. 4-18.
6.pdf - Accepted Version
Available under License Creative Commons Attribution No Derivatives.
Context & motivation: More and more software projects today are security-related in one way or the other. Many environments are initially not considered security-related and no security experts are assigned. Requirements engineers often fail to recognise indicators for security problems. Question/problem: Ignoring security issues early in a project is a major source of recurring security problems in practice. Identifying security-relevant requirements is labour-intensive and error-prone. Security may be neglected in order to finish on time and in budget. Principal ideas/results: In this paper, we address this problem by presenting a tool-supported method that provides assistance for requirements engineering, with an emphasis on security requirements. We investigate whether security-relevant requirements can be automatically identified with help of a Bayesian classifier. Our results indicate that this is feasible, in particular if the classifier is trained with domain specific data and documents from previous projects. Contribution: We show how the ability to identify security-relevant requirements can be integrated in a workflow of requirements analysis and reuse of experience. In practice, this can increase security awareness within the software development process. We discuss limitations and potential of this approach.
|Item Type:||Book Section|
|Additional Information:||Citation: Knauss, E., Houmb, S.H., Schneider, K., Islam, S. and Jurjens, J. (2011), 'Supporting Requirements Engineers in Recognising Security Issues' Lecture Notes in Computer Science, 6606, pp.4-18 [Requirements Engineering: Foundation for Software Quality 17th International Working Conference, REFSQ 2011, Essen, Germany, March 28-30, 2011. Proceedings].|
|Divisions:||Schools > Architecture Computing and Engineering, School of|
|Depositing User:||Mr Stephen Grace|
|Date Deposited:||04 May 2012 15:44|
|Last Modified:||12 Oct 2012 14:02|