A Preliminary Study: Challenges in Capturing Security Requirements and Consistency Checking by Requirement Engineers
Keywords:
Consistency Management, Secure Software, Security Requirements, Security Requirements Validation,Abstract
There has been a growing concern on the importance of security with the rise of phenomena, such as ecommerce and nomadic and geographically distributed work. Realizing the security early, especially in the requirement analysis phase, is important so that security problems can be tackled early enough before going further in the development process and avoid re-work. Ensuring the consistency of elicited functional security requirement of requirements specification is also crucial as the requirements should be well understood and agreed upon by all the stakeholders and end-users. Therefore, the aim of this paper is to further discuss on the challenges faced by Requirement Engineers (REs) in: (1) capturing Security Requirement and (2) Consistency Checking in Requirement Engineering. Motivated from the need to ensure consistency in functional security requirement for developing secure software and the gaps found in the existing works, a survey has been conducted involving 38 experts in software engineering in the industry. The survey aims to identify the current problems faced by them during the elicitation process, security standards used as the reference, elicitation and validation method, and the important properties considered while developing secure software. Results of the survey show that REs face difficulties to understand the security needs and the existing standards are difficult to understand. Therefore, it is proposed that an automated tool to elicit security requirements should be developed.Downloads
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)