A reference measurement framework of software security product quality (SPQNFSR)

Hashemite University

Abstract

Currently, customers' expectations of receiving high-quality software have risen significantly. Although attention to the non-functional requirements of software products has grown in both the academic and the industrial fields, there is no framework for specifying and measuring such quality constraints for the security requirements of software product quality. This paper presents an integrated framework for the early specification and measurement of functional and non-functional software security requirements. Such a measurement framework would help software and systems engineers to improve product quality, whether the software has already been delivered or has yet to be built. The main steps followed are to identify, specify and measure the software security requirements based on the ISO/IEC SQuaRE series of international standards for software product quality. A standard measurement framework used to measure the functional size of software product quality is described, and it is used to develop a functional size measurement of the functional and non-functional security requirements. As a result, a functional size measurement framework for the functional and non-functional security requirements (SPQ) using international standards is proposed. An automatic teller machine case study on the measurement of security requirements from the perspective of software functional user requirements is presented. Finally, it is concluded that it is essential to develop such a functional size measurement framework for functional and non-functional security requirements to support developers in facing the challenges that arise from dealing with such requirements early.
