Abstract
The significance of security requirements in building safety- and security-critical systems is widely acknowledged. However, given the multitude of security requirements engineering methodologies that exist today, selecting the most suitable methodology remains challenging. In a previous work, we proposed a generic evaluation methodology to elicit and evaluate the anticipated characteristics of a security requirements engineering methodology with regard to the stakeholders' working context. In this article, we provide the empirical evaluation of three security requirements engineering methodologies, KAOS, STS and SEPP, with respect to the evaluation criteria elicited for the network SRE context. The study shows that none of them provides good support for deriving network security requirements.
Acknowledgment
This work is part of project IREHDO2 funded by DGA/DGAC. The authors thank the security experts at Airbus and the anonymous reviewers for their useful comments.
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Bulusu, S.T., Laborde, R., Wazan, A.S., Barrère, F., Benzekri, A. (2018). A Requirements Engineering-Based Approach for Evaluating Security Requirements Engineering Methodologies. In: Latifi, S. (eds) Information Technology - New Generations. Advances in Intelligent Systems and Computing, vol 738. Springer, Cham. https://doi.org/10.1007/978-3-319-77028-4_67
DOI: https://doi.org/10.1007/978-3-319-77028-4_67
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-77027-7
Online ISBN: 978-3-319-77028-4
eBook Packages: Engineering, Engineering (R0)