RUP-based process model for security requirements engineering in value-added service development

Due to the spread of SMS services and the appearance of new business models, value-added SMS services have been introduced. Research results show that security incidents on ICT systems are widely distributed worldwide in spite of known security solutions, so an organizational approach to implementing security is necessary. This paper presents research and development efforts in building SecuRUP, a process model for security requirements engineering that conforms to the RUP framework. The model consists of processes, artifacts, activities and corresponding roles for the successful elicitation, analysis and specification of recognized security requirements, and it is validated on the presented case study. The validation results show significant process improvement, especially in the identification of roles and activities in the SecuRUP elaboration process, but only further case studies in industry can best indicate the usefulness of such models.
