Towards Capturing Security Requirements in Agile Software Development
Abstract
Software use is an unavoidable reality. Increased use expands the opportunity for malicious use, which threatens security and privacy. Many factors, such as data loss, increased budget costs due to security breaches, pending legislation and competitive advantage, are driving software developers to integrate security into software development rather than adding it in later stages of development. The approach presented here addresses the elicitation, prioritization and analysis of requirements and security requirements. This is done by identifying candidate security goals, categorizing them and reaching an understanding with stakeholders to develop preliminary security requirements, which are then prioritized; the resulting security requirements are the output.