A model based security requirements engineering framework applied for online trading system

Security engineering is a new research area in software engineering that covers the definition of processes, plans and designs for security. Researchers are working in this area; however, the treatment of security requirements in this field is lacking. Requirements engineering is a major action that begins during the communication activity and continues into the modeling activity. Requirements engineering builds a bridge to design and construction. Security requirements are one of the non-functional requirements, which act as constraints on the functions of the system, but our view is that security requirements should be considered functional requirements and analyzed during the earlier phase of software development, i.e. the requirements engineering phase. An increasing part of the communication and sharing of information in our society utilizes electronic media. IT security is becoming central to the ability to fulfil business goals, build trustworthy systems, and protect assets. In order to develop systems with adequate security features, it is essential to capture the corresponding security needs and requirements. This is called security requirements engineering, which is emerging as a branch of software engineering, spurred by the realization that security must be dealt with early, during the requirements phase. In this paper we have proposed a framework for security requirements engineering and applied it to an online trading system. Online trading systems form a critical part of the securities and capital markets today. By using the security requirements engineering framework we are able to develop a secure online trading system. The results obtained using the proposed security requirements engineering framework are simple and better than those obtained with the framework of Haley and his colleagues.
