Security Requirements Elicitation and Modeling Authorizations

  • Rajat GoelEmail author
  • Mahesh Chandra Govil
  • Girdhari Singh
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 625)


Today security is almost inevitable for any software. To achieve this, the security requirements of the software ought to be efficiently modeled. However, existing modeling languages like Unified Modeling Language have certain limitations when it comes to modeling non-functional requirements like security. Most of the software of present era are hosted on internet or cloud and involve heavy exchange of crucial information between great multitudes of users. In this backdrop security becomes an obvious prerequisite. This paper proposes a methodology to elicit security requirements from all concerned stakeholders, assess security level required for every software asset and present this security assessment through easy but effective diagrams.


Unify Modeling Language Security Requirement Security Parameter Rating Table Requirement Elicitation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Shreyas, D.: Software engineering for security - towards architecting secure software. In: ICS 221 Seminar in Software Engineering, University of California, Irvine, pp. 1–12 (2001)Google Scholar
  2. 2.
    Lindvall, M., Basili, V.R., Boehm, B.W., et al.: Empirical findings in agile methods. In: XP Universe and Agile Universe Conference on Extreme Programming and Agile Methods, pp. 197–207 (2002)Google Scholar
  3. 3.
    Goel, R., Govil, M.C., Singh, G.: Imbibing security in software development life cycle: a review paper. In: Afro - Asian International Conference on Science, Engineering and Technology, pp. 593–599 (2015)Google Scholar
  4. 4.
    Van Lamsweerde, A.: Goal-oriented requirements engineering: from system objectives to UML models to precise software specifications. In: 25th International Conference on Software Engineering (2003)Google Scholar
  5. 5.
    Haley, C.B., Laney, R., Moffett, J.D., et al.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Softw. Eng. 34(1), 133–153 (2008)CrossRefGoogle Scholar
  6. 6.
    Mullery, G.P.: CORE-a method for controlled requirement specification. In: 4th International Conference on Software Engineering, pp. 126–135 (1979)Google Scholar
  7. 7.
    Booch, G., Rumbaugh, J., Jacobson, I.: Unified Modeling Language User Guide. Pearson Education India, Noida (2005)Google Scholar
  8. 8.
    Booch, G., Rumbaugh, J., Jacobson, I.: Unified Modeling Language User Guide. Addison Wesley, Boston (2015)Google Scholar
  9. 9.
    Choppy, C., Reggio, G.: Requirements capture and specification for enterprise applications: a UML based attempt. In: Australian Software Engineering Conference, pp. 19–28 (2006)Google Scholar
  10. 10.
    Konrad, S., Goldsby, H., Lopez, K., Cheng, B.H.C.: Visualizing requirements in UML models. In: International Workshop Visualization Requirements Engineering, p. 1 (2007)Google Scholar
  11. 11.
    Dobing, B., Parsons, J.: How UML is used. Commun. ACM 49(5), 109–113 (2006)CrossRefGoogle Scholar
  12. 12.
    Dobing, B., Parsons, J.: Dimensions of UML diagram use: a survey of practitioners. J. Database Manag. 19(1), 1–18 (2008)CrossRefGoogle Scholar
  13. 13.
    Pressman, R.S.: Software Engineering a Practitioner’s Approach. McGraw-Hill, New York (2001)zbMATHGoogle Scholar
  14. 14.
    Forouzan, B.A.: Data Communications and Networking. McGraw-Hill, New York (2007)zbMATHGoogle Scholar
  15. 15.
    Talukder, A.K., Maurya, V.K., Santhosh, B.G., et al.: Security-aware software development life cycle (SaSDLC)- processes and tools. In: IFIP International Conference on Wireless Optical Communications Networks, pp. 1–5 (2009)Google Scholar
  16. 16.
    Glinz, M.: Problems and deficiencies of UML as a requirements specification language. In: International Workshop on Software Specification and Design, pp. 11–22 (2000)Google Scholar
  17. 17.
    Woods, E.: Harnessing UML for architectural description: the context view. IEEE Softw. 31(6), 30–33 (2014)CrossRefGoogle Scholar
  18. 18.
    Chanda, J., Kanjilal, A., Sengupta, S., Bhattacharya, S.: Traceability of requirements and consistency verification of UML use case, activity and class diagram: a formal approach. In: International Conference on Methods Models in Computer Science, pp. 1–4 (2009)Google Scholar
  19. 19.
    Kobryn, C.: UML 3 and the future of modeling. Softw. Syst. Model. 3(1), 4–8 (2004)CrossRefGoogle Scholar
  20. 20.
    Samuel, B.M., Watkins III, L.A., Ehle, A., Khatri, V.: Customizing the representation capabilities of process models: understanding the effects of perceived modeling impediments. IEEE Trans. Softw. Eng. 41(1), 19–39 (2015)CrossRefGoogle Scholar
  21. 21.
    Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requir. Eng. 10, 34–44 (2005)CrossRefGoogle Scholar
  22. 22.
    Stolen, K., Braber, F.D., Dimitrakos, T., et al.: iTrust Workshop (2002)Google Scholar
  23. 23.
    Kishore, S., Naik, R.: Software Requirements and Estimation. Tata McGraw-Hill Education, New York (2001)Google Scholar
  24. 24.
    Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  25. 25.
    Sabahat, N., Iqbal, F., Azam, F., Javed, M.Y.: An iterative approach for global requirements elicitation: a case study analysis. In: International Conference on Electronics and Information Engineering, pp. 361–366 (2010)Google Scholar
  26. 26.
    Kasirun, Z.M., Salim, S.S.: Focus group discussion model for requirements elicitation activity. In: International Conference on Computer and Electrical Engineering, pp. 101–105 (2008)Google Scholar
  27. 27.
    Wäyrynen, J., Bodén, M., Boström, G.: Security engineering and extreme programming: an impossible marriage? In: Zannier, C., Erdogmus, H., Lindstrom, L. (eds.) XP/Agile Universe 2004. LNCS, vol. 3134, pp. 117–128. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  28. 28.
    Kamata, M.I., Tamai, T.: How does requirements quality relate to project success or failure? In: Requirements Engineering Conference, pp. 69–78 (2007)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2016

Authors and Affiliations

  • Rajat Goel
    • 1
    Email author
  • Mahesh Chandra Govil
    • 1
  • Girdhari Singh
    • 1
  1. 1.Malaviya National Institute of Technology JaipurJaipurIndia

Personalised recommendations