Security Requirements Engineering Process for Web Applications

Abstract: In recent years, tasks such as Security Requirements Elicitation, Specification of Security Requirements, and Security Requirements Validation have become essential to assure the quality of the resulting software. An increasing part of the communication and sharing of information in our society utilizes Web Applications. The last two years have seen a significant surge in the number of Web Application-specific vulnerabilities disclosed to the public, because the importance of Security Requirements Engineering for Web-based systems is still underestimated. Therefore, a thorough Security Requirements analysis is even more relevant. In this paper, we propose a Model-oriented Security Requirements Engineering Process for Web Applications and apply our Process to an E-Voting system. By applying Modeling technologies to the Requirements phases, the Security Requirements and domain knowledge can be captured in a well-defined model, and this approach is better than the traditional process.
