A Preliminary Study: Challenges in Capturing Security Requirements and Consistency Checking by Requirement Engineers

Authors

  • Massila Kamalrudin Innovative Software System and Service Group (IS3), Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100 Durian Tunggal, Melaka, Malaysia.
  • Nuridawati Mustafa Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100 Durian Tunggal, Melaka, Malaysia.
  • Safiah Sidek Innovative Software System and Service Group (IS3), Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100 Durian Tunggal, Melaka, Malaysia.

Keywords:

Consistency Management, Secure Software, Security Requirements, Security Requirements Validation,

Abstract

There has been a growing concern on the importance of security with the rise of phenomena, such as ecommerce and nomadic and geographically distributed work. Realizing the security early, especially in the requirement analysis phase, is important so that security problems can be tackled early enough before going further in the development process and avoid re-work. Ensuring the consistency of elicited functional security requirement of requirements specification is also crucial as the requirements should be well understood and agreed upon by all the stakeholders and end-users. Therefore, the aim of this paper is to further discuss on the challenges faced by Requirement Engineers (REs) in: (1) capturing Security Requirement and (2) Consistency Checking in Requirement Engineering. Motivated from the need to ensure consistency in functional security requirement for developing secure software and the gaps found in the existing works, a survey has been conducted involving 38 experts in software engineering in the industry. The survey aims to identify the current problems faced by them during the elicitation process, security standards used as the reference, elicitation and validation method, and the important properties considered while developing secure software. Results of the survey show that REs face difficulties to understand the security needs and the existing standards are difficult to understand. Therefore, it is proposed that an automated tool to elicit security requirements should be developed.

Downloads

Published

2018-02-12

How to Cite

Kamalrudin, M., Mustafa, N., & Sidek, S. (2018). A Preliminary Study: Challenges in Capturing Security Requirements and Consistency Checking by Requirement Engineers. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(1-7), 5–9. Retrieved from https://jtec.utem.edu.my/jtec/article/view/3587