A New Consistency Validation Approach to Enhance the Quality of Functional Security Requirements for Secure Software

Authors

  • N. Mustafa Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100 Durian Tunggal, Melaka, Malaysia.
  • M. Kamalrudin Innovative Software System and Service Group (IS3), Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100 Durian Tunggal, Melaka, Malaysia.

Keywords:

Requirements Consistency Management, Security Requirements, Security Requirements Validation, Security Requirements Engineering, Secure Software,

Abstract

Quality security requirements contribute to the success of secure software development. However, the process of eliciting security requirements is tedious and complex. It also requires requirements engineers to have security experience in the process of eliciting consistent security requirements from the clients-stakeholders. Most of the requirements engineers faced problems in eliciting consistent security compliance requirements from the clients-stakeholders as they misunderstood the real needs and the security term used. Thus, this resulted to inconsistent security requirements being elicited. The inconsistency leads to incorrect and insecure software systems being developed as well as to disruptions of schedule and increase of a project's expenditure. Motivated by these problems, this study is aimed to propose a new approach for consistency validation of functional security requirements. Here, security requirements specifications will be collected from software vendors to analyse the flow of functional security requirements process. Next, visual differencing will be integrated to cross-validate the consistency of the elicited functional security requirements with the best-practise template. Here, security requirements best-practice template pattern library will be designed and a new mathematical formulation that defines the consistency validation rules of security requirements will also be constructed. The formulation will be based on the security-related semi-formalised model, called SecEssential Use Case (SecEUC).This approach will then be realised with a proof of concept prototype tool and will be compared with the existing approaches, focusing on its ability to validate the inconsistency of the functional security requirements. Finally, this study is believed could provide a positive impact to the software industry by reducing the development cost as it allows the requirements engineers to validate the inconsistency that occurs in the elicited security compliance requirements at the early stage of the secure software development.

References

Firesmith, Donald G. “Analyzing and specifying reusable security requirements” in Software Engineering Institute, 2003, pp. 7-11.

Schneider, Kurt, Eric Knauss, Siv Houmb, Shareeful Islam, and Jan Jürjens. “Enhancing Security Requirements Engineering By Organizational Learning” In Requirements Engineering, 2012, 17(1), pp. 35-56.

M.Kamalrudin J. Hosking, John Grundy, "Improving Requirements Quality using Essential Use Case Interaction Patterns," in ICSE’11, Honolulu, Hawaii, USA, 2011, pp. 531-540.

M. Kamalrudin, J.Grundy, J.Hosking,"MaramaAI: Tool Support for Capturing and Managing Consistency of Multilingual Requirements", in Proc. 27th (ASE 2012) Automated Software Engineering Essen, Germany , 2012, pp. 326-329.

Thiago C. de Sousa, Jorge R. Almeida Jr, Sidney Viana, Judith Pavón, "Automatic Analysis of Requirements Consistency with the B Method" in ACM SIGSOFT Software Engineering, 2010. pp.1-4.

Alférez, M., Lopez-Herrejon, R. E., Moreira, A., Amaral, V., & Egyed, A, "Supporting consistency checking between features and software product line use scenarios." in Top Productivity through Software Reuse. Springer Berlin Heidelberg, 2011, Vol. 6727, pp. 20-35.

Isabelle Mirbel, Serena Villata. “Enhancing Goal-based Requirements Consistency: an Argumentation-based Approach”, Michael Fisher and Leon van der Torre and Mehdi Dastani and Guido Governatori. 13th International Workshop on Computational Logic in Multi-Agent Systems” in (CLIMA 2012), Springer, 2012, pp. 110-127.

S. Yahya, M. Kamalrudin, S. Sidek, J. Grundy, “Capturing Security Requirements Using Essential Use Cases (EUCs)” In Requirements Engineering, Springer Berlin Heidelberg, 2014, pp. 16-30.

R. Jindal, R. Malhotra, and A. Jain, “Automated classification of security requirements,” in 2016 International Conference on Advances in Computing, Communications and Informatics (ICACCI), 2016, pp. 2027–2033.

S. H. Houmb, S. Islam, E. Knauss, J. Jürjens, and K. Schneider, “Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec,” Requir. Eng., vol. 15, no. 1, pp. 63–93, Mar. 2010.

H. El-Hadary and S. El-Kassas, “Capturing security requirements for software systems,” J. Adv. Res., vol. 5, no. 4, pp. 463–472, Jul. 2014.

Downloads

Published

2018-05-31

How to Cite

Mustafa, N., & Kamalrudin, M. (2018). A New Consistency Validation Approach to Enhance the Quality of Functional Security Requirements for Secure Software. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(2-2), 73–76. Retrieved from https://jtec.utem.edu.my/jtec/article/view/3965

Issue

Vol. 10 No. 2-2: Innovative and Sustainable Technologies for Societal Wellbeing II

Section

Articles

License

TRANSFER OF COPYRIGHT AGREEMENT

The manuscript is herewith submitted for publication in the Journal of Telecommunication, Electronic and Computer Engineering (JTEC). It has not been published before, and it is not under consideration for publication in any other journals. It contains no material that is scandalous, obscene, libelous or otherwise contrary to law. When the manuscript is accepted for publication, I, as the author, hereby agree to transfer to JTEC, all rights including those pertaining to electronic forms and transmissions, under existing copyright laws, except for the following, which the author(s) specifically retain(s):

  1. All proprietary right other than copyright, such as patent rights
  2. The right to make further copies of all or part of the published article for my use in classroom teaching
  3. The right to reuse all or part of this manuscript in a compilation of my own works or in a textbook of which I am the author; and
  4. The right to make copies of the published work for internal distribution within the institution that employs me

I agree that copies made under these circumstances will continue to carry the copyright notice that appears in the original published work. I agree to inform my co-authors, if any, of the above terms. I certify that I have obtained written permission for the use of text, tables, and/or illustrations from any copyrighted source(s), and I agree to supply such written permission(s) to JTEC upon request.