A New Consistency Validation Approach to Enhance the Quality of Functional Security Requirements for Secure Software


  • N. Mustafa Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100 Durian Tunggal, Melaka, Malaysia.
  • M. Kamalrudin Innovative Software System and Service Group (IS3), Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, 76100 Durian Tunggal, Melaka, Malaysia.


Requirements Consistency Management, Security Requirements, Security Requirements Validation, Security Requirements Engineering, Secure Software,


Quality security requirements contribute to the success of secure software development. However, the process of eliciting security requirements is tedious and complex. It also requires requirements engineers to have security experience in the process of eliciting consistent security requirements from the clients-stakeholders. Most of the requirements engineers faced problems in eliciting consistent security compliance requirements from the clients-stakeholders as they misunderstood the real needs and the security term used. Thus, this resulted to inconsistent security requirements being elicited. The inconsistency leads to incorrect and insecure software systems being developed as well as to disruptions of schedule and increase of a project's expenditure. Motivated by these problems, this study is aimed to propose a new approach for consistency validation of functional security requirements. Here, security requirements specifications will be collected from software vendors to analyse the flow of functional security requirements process. Next, visual differencing will be integrated to cross-validate the consistency of the elicited functional security requirements with the best-practise template. Here, security requirements best-practice template pattern library will be designed and a new mathematical formulation that defines the consistency validation rules of security requirements will also be constructed. The formulation will be based on the security-related semi-formalised model, called SecEssential Use Case (SecEUC).This approach will then be realised with a proof of concept prototype tool and will be compared with the existing approaches, focusing on its ability to validate the inconsistency of the functional security requirements. Finally, this study is believed could provide a positive impact to the software industry by reducing the development cost as it allows the requirements engineers to validate the inconsistency that occurs in the elicited security compliance requirements at the early stage of the secure software development.


Firesmith, Donald G. “Analyzing and specifying reusable security requirements” in Software Engineering Institute, 2003, pp. 7-11.

Schneider, Kurt, Eric Knauss, Siv Houmb, Shareeful Islam, and Jan Jürjens. “Enhancing Security Requirements Engineering By Organizational Learning” In Requirements Engineering, 2012, 17(1), pp. 35-56.

M.Kamalrudin J. Hosking, John Grundy, "Improving Requirements Quality using Essential Use Case Interaction Patterns," in ICSE’11, Honolulu, Hawaii, USA, 2011, pp. 531-540.

M. Kamalrudin, J.Grundy, J.Hosking,"MaramaAI: Tool Support for Capturing and Managing Consistency of Multilingual Requirements", in Proc. 27th (ASE 2012) Automated Software Engineering Essen, Germany , 2012, pp. 326-329.

Thiago C. de Sousa, Jorge R. Almeida Jr, Sidney Viana, Judith Pavón, "Automatic Analysis of Requirements Consistency with the B Method" in ACM SIGSOFT Software Engineering, 2010. pp.1-4.

Alférez, M., Lopez-Herrejon, R. E., Moreira, A., Amaral, V., & Egyed, A, "Supporting consistency checking between features and software product line use scenarios." in Top Productivity through Software Reuse. Springer Berlin Heidelberg, 2011, Vol. 6727, pp. 20-35.

Isabelle Mirbel, Serena Villata. “Enhancing Goal-based Requirements Consistency: an Argumentation-based Approach”, Michael Fisher and Leon van der Torre and Mehdi Dastani and Guido Governatori. 13th International Workshop on Computational Logic in Multi-Agent Systems” in (CLIMA 2012), Springer, 2012, pp. 110-127.

S. Yahya, M. Kamalrudin, S. Sidek, J. Grundy, “Capturing Security Requirements Using Essential Use Cases (EUCs)” In Requirements Engineering, Springer Berlin Heidelberg, 2014, pp. 16-30.

R. Jindal, R. Malhotra, and A. Jain, “Automated classification of security requirements,” in 2016 International Conference on Advances in Computing, Communications and Informatics (ICACCI), 2016, pp. 2027–2033.

S. H. Houmb, S. Islam, E. Knauss, J. Jürjens, and K. Schneider, “Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec,” Requir. Eng., vol. 15, no. 1, pp. 63–93, Mar. 2010.

H. El-Hadary and S. El-Kassas, “Capturing security requirements for software systems,” J. Adv. Res., vol. 5, no. 4, pp. 463–472, Jul. 2014.




How to Cite

Mustafa, N., & Kamalrudin, M. (2018). A New Consistency Validation Approach to Enhance the Quality of Functional Security Requirements for Secure Software. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(2-2), 73–76. Retrieved from https://jtec.utem.edu.my/jtec/article/view/3965