A Requirements Engineering-Based Approach for Evaluating Security Requirements Engineering Methodologies

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 738)

Abstract

The significance of security requirements in building safety- and security-critical systems is widely acknowledged. However, given the multitude of security requirements engineering methodologies that exist today, selecting the most suitable methodology remains challenging. In previous work, we proposed a generic evaluation methodology to elicit and evaluate the anticipated characteristics of a security requirements engineering methodology with regard to the stakeholders’ working context. In this article, we provide the empirical evaluation of three security requirements engineering methodologies, KAOS, STS and SEPP, with respect to the evaluation criteria elicited for the network SRE context. The study shows that none of them provides good support for deriving network security requirements.

References

  1. A. Van Lamsweerde, S. Brohez, R. De Landtsheer, D. Janssens, From system goals to intruder anti-goals: attack generation and resolution for security requirements engineering, in Proceedings of the RE’03 Workshop on Requirements for High Assurance Systems (RHAS’03), Monterey (CA), Sept. 2003

  2. M. Salnitri, E. Paja, P. Giorgini, From socio-technical requirements to technical security design: an sts-based framework, Technical report, DISI-University of Trento

  3. D. Hatebur, M. Heisel, H. Schmidt, A pattern system for security requirements engineering, in ARES 2007, the Second International Conference

  4. S.T. Bulusu, R. Laborde, F. Barrère, A. Benzekri, A. Samer Wazan, Which security requirements engineering methodology should I choose? Towards a requirements engineering-based evaluation approach, presented at the ARES’2017

  5. S.T. Bulusu, R. Laborde, F. Barrère, A. Benzekri, A. Samer Wazan, Applying a requirement engineering based approach to evaluate the security requirements engineering methodologies, in ACM SAC’2018 (To appear) (Pau, France, 2018)

  6. KAOS Tool—Objectiver: HomePage, http://www.objectiver.com/index.php?id=4

  7. E. Paja, F. Dalpiaz, P. Giorgini, Sts-tool: Security requirements engineering for socio-technical systems, in Engineering Secure Future Internet Services and Systems (Springer, 2014), pp. 65–96

  8. T.A. Kletz, Hazop and Hazan: Identifying and Assessing Process Industry Hazards (IChemE, 1999)

Acknowledgment

This work is part of project IREHDO2 funded by DGA/DGAC. The authors thank the security experts at Airbus and the anonymous reviewers for their useful comments.

Author information

Corresponding author

Correspondence to Sravani Teja Bulusu.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Bulusu, S.T., Laborde, R., Wazan, A.S., Barrère, F., Benzekri, A. (2018). A Requirements Engineering-Based Approach for Evaluating Security Requirements Engineering Methodologies. In: Latifi, S. (eds) Information Technology - New Generations. Advances in Intelligent Systems and Computing, vol 738. Springer, Cham. https://doi.org/10.1007/978-3-319-77028-4_67

  • DOI: https://doi.org/10.1007/978-3-319-77028-4_67

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-77027-7

  • Online ISBN: 978-3-319-77028-4

  • eBook Packages: Engineering, Engineering (R0)
