A New Consistency Validation Approach to Enhance the Quality of Functional Security Requirements for Secure Software
Keywords:
Requirements Consistency Management, Security Requirements, Security Requirements Validation, Security Requirements Engineering, Secure Software,Abstract
Quality security requirements contribute to the success of secure software development. However, the process of eliciting security requirements is tedious and complex. It also requires requirements engineers to have security experience in the process of eliciting consistent security requirements from the clients-stakeholders. Most of the requirements engineers faced problems in eliciting consistent security compliance requirements from the clients-stakeholders as they misunderstood the real needs and the security term used. Thus, this resulted to inconsistent security requirements being elicited. The inconsistency leads to incorrect and insecure software systems being developed as well as to disruptions of schedule and increase of a project's expenditure. Motivated by these problems, this study is aimed to propose a new approach for consistency validation of functional security requirements. Here, security requirements specifications will be collected from software vendors to analyse the flow of functional security requirements process. Next, visual differencing will be integrated to cross-validate the consistency of the elicited functional security requirements with the best-practise template. Here, security requirements best-practice template pattern library will be designed and a new mathematical formulation that defines the consistency validation rules of security requirements will also be constructed. The formulation will be based on the security-related semi-formalised model, called SecEssential Use Case (SecEUC).This approach will then be realised with a proof of concept prototype tool and will be compared with the existing approaches, focusing on its ability to validate the inconsistency of the functional security requirements. Finally, this study is believed could provide a positive impact to the software industry by reducing the development cost as it allows the requirements engineers to validate the inconsistency that occurs in the elicited security compliance requirements at the early stage of the secure software development.Downloads
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)