Comprehensive Analysis of Security Requirements Engineering Approaches with Assurance Perspective

Authors

  • Aftab Alam Janisar Department of Computer and Information Science Universiti Teknologi Petronas, 32610 Seri Iskandar Perak Malaysia
  • Khairul Shafee Kalid Department of Computer and Information Science Universiti Teknologi Petronas, 32610 Seri Iskandar Perak Malaysia
  • Aliza Sarlan Department of Computer and Information Science Universiti Teknologi Petronas, 32610 Seri Iskandar Perak Malaysia
  • Anas Abdelsatar Mohammad Salameh Department of Management Information Systems, College of Business Administration, Prince Sattam bin Abdulaziz University, 165 Al-Kharj 11942, Saudi Arabia

DOI:

https://doi.org/10.37934/araset.54.2.104119

Keywords:

Security requirement engineering, security requirement elicitation, security requirement analysis, requirement engineering, software security

Abstract

Given the wide distribution of software and its current growth, security is inevitable, and software systems have become more complex. To avoid the complexity and protect valuable assets of software systems, researchers, and practitioners in the fields of security requirement engineering (SRE) and security assurance advise incorporating security requirements early in software development life cycle (SDLC). Nowadays, security requirements specification and identification are an active research area for ensuring the effectiveness of software systems. However, security requirement identification is a challenging task due to sheer numbers of threats and attacks to a software system. Previous researchers have identified different SRE techniques, each looking at the same problem from a different perspective. Therefore, a literature review conducted on SRE techniques. We compared and analyzed different SRE techniques to find the most suitable SRE techniques for researchers and practitioners. Selected SRE techniques compared based on various parameters, such as different attributes, requirement elicitation, requirement analysis, project size, and integration of standards. The literature also indicates that among SRE approaches, security quality requirements engineering (SQAURE), secure tropos, security requirements engineering process (SREP), and comprehensive lightweight application security process (CLASP) are the most used SRE approaches that focus on activities such as threats, security requirements identification, and security objectives identification. Unfortunately, several SRE approaches fail to explicitly integrate the security standard and security assurance perspective. Three questions developed for this study: Question 1 is based on comparison of existing SRE approaches, Question 2 is based on SRE with security requirements elicitation and analysis, and Question 3 highlights the incorporation of security requirements assurance by SRE approaches implicitly or explicitly. The researcher must work with the developer to easily adopt SRE approaches to elicit and ensure security requirements for the software system.

Downloads

Download data is not yet available.

Author Biographies

Aftab Alam Janisar, Department of Computer and Information Science Universiti Teknologi Petronas, 32610 Seri Iskandar Perak Malaysia

aftab_22001362@utp.edu.my

Khairul Shafee Kalid, Department of Computer and Information Science Universiti Teknologi Petronas, 32610 Seri Iskandar Perak Malaysia

khairulshafee_kalid@utp.edu.m 

Aliza Sarlan, Department of Computer and Information Science Universiti Teknologi Petronas, 32610 Seri Iskandar Perak Malaysia

aliza_sarlan@utp.edu.my

Anas Abdelsatar Mohammad Salameh, Department of Management Information Systems, College of Business Administration, Prince Sattam bin Abdulaziz University, 165 Al-Kharj 11942, Saudi Arabia

a.salameh@psau.edu.sa

Downloads

Published

2024-10-03

Issue

Online First Articles

Section

Articles
Crossref
Scopus
Google Scholar
Europe PMC