Security Requirements Assurance: An Assurance Case Perspective
In the current era, software security requirements domain has changed thoroughly, and has been considered an essential aspect for software quality. Machine learning and artificial intelligence have become the emerging trends to automate the identification and specification of security requirements....
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Conference or Workshop Item |
| Published: |
Institute of Electrical and Electronics Engineers Inc.
2023
|
| Online Access: | http://scholars.utp.edu.my/id/eprint/38021/ https://www.scopus.com/inward/record.uri?eid=2-s2.0-85175471070&doi=10.1109%2fICSECS58457.2023.10256374&partnerID=40&md5=742a6bf6b06f75db6b2e11ab9ade67eb |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
oai:scholars.utp.edu.my:38021 |
|---|---|
| record_format |
eprints |
| spelling |
oai:scholars.utp.edu.my:380212023-12-11T03:01:10Z http://scholars.utp.edu.my/id/eprint/38021/ Security Requirements Assurance: An Assurance Case Perspective Janisar, A.A. Kalid, K.S.B. Sarlan, A.B. Gilal, A.R. In the current era, software security requirements domain has changed thoroughly, and has been considered an essential aspect for software quality. Machine learning and artificial intelligence have become the emerging trends to automate the identification and specification of security requirements. As an active research area, security requirements specifications are recognized and persuaded in software engineering and security assurance communities. Overfitting of security requirements after system design can result in security issues in current system architecture. Consistency, completeness, and correctness are critical requirements for ensuring the effectiveness of systems architecture. However, without these security requirements, the system is vulnerable to attacks and organization's assets, and its reputation is at risk. Moreover, it increases the cost and time to fix the security problem. Therefore, to avoid such problems security requirements need to be identified more precisely and consistently. Realizing the benefits of assurance case, A conceptual framework is proposed for identification of security requirements correctness, consistency and completeness using assurance case. Objective of the proposed conceptual framework to assist the security requirement engineer to identify the security requirements using assurance case during requirement phase i.e., the security requirements are correct, complete, and consistent. The proposed conceptual framework involves five phases: (1) assets identification, (2) threat identification, (3) security objectives, (4) security requirements identification and (5) security requirement assessment. © 2023 IEEE. Institute of Electrical and Electronics Engineers Inc. 2023 Conference or Workshop Item NonPeerReviewed Janisar, A.A. and Kalid, K.S.B. and Sarlan, A.B. and Gilal, A.R. (2023) Security Requirements Assurance: An Assurance Case Perspective. In: UNSPECIFIED. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85175471070&doi=10.1109%2fICSECS58457.2023.10256374&partnerID=40&md5=742a6bf6b06f75db6b2e11ab9ade67eb 10.1109/ICSECS58457.2023.10256374 10.1109/ICSECS58457.2023.10256374 10.1109/ICSECS58457.2023.10256374 |
| institution |
Universiti Teknologi Petronas |
| building |
UTP Resource Centre |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknologi Petronas |
| content_source |
UTP Institutional Repository |
| url_provider |
http://eprints.utp.edu.my/ |
| description |
In the current era, software security requirements domain has changed thoroughly, and has been considered an essential aspect for software quality. Machine learning and artificial intelligence have become the emerging trends to automate the identification and specification of security requirements. As an active research area, security requirements specifications are recognized and persuaded in software engineering and security assurance communities. Overfitting of security requirements after system design can result in security issues in current system architecture. Consistency, completeness, and correctness are critical requirements for ensuring the effectiveness of systems architecture. However, without these security requirements, the system is vulnerable to attacks and organization's assets, and its reputation is at risk. Moreover, it increases the cost and time to fix the security problem. Therefore, to avoid such problems security requirements need to be identified more precisely and consistently. Realizing the benefits of assurance case, A conceptual framework is proposed for identification of security requirements correctness, consistency and completeness using assurance case. Objective of the proposed conceptual framework to assist the security requirement engineer to identify the security requirements using assurance case during requirement phase i.e., the security requirements are correct, complete, and consistent. The proposed conceptual framework involves five phases: (1) assets identification, (2) threat identification, (3) security objectives, (4) security requirements identification and (5) security requirement assessment. © 2023 IEEE. |
| format |
Conference or Workshop Item |
| author |
Janisar, A.A. Kalid, K.S.B. Sarlan, A.B. Gilal, A.R. |
| spellingShingle |
Janisar, A.A. Kalid, K.S.B. Sarlan, A.B. Gilal, A.R. Security Requirements Assurance: An Assurance Case Perspective |
| author_facet |
Janisar, A.A. Kalid, K.S.B. Sarlan, A.B. Gilal, A.R. |
| author_sort |
Janisar, A.A. |
| title |
Security Requirements Assurance: An Assurance Case Perspective |
| title_short |
Security Requirements Assurance: An Assurance Case Perspective |
| title_full |
Security Requirements Assurance: An Assurance Case Perspective |
| title_fullStr |
Security Requirements Assurance: An Assurance Case Perspective |
| title_full_unstemmed |
Security Requirements Assurance: An Assurance Case Perspective |
| title_sort |
security requirements assurance: an assurance case perspective |
| publisher |
Institute of Electrical and Electronics Engineers Inc. |
| publishDate |
2023 |
| url |
http://scholars.utp.edu.my/id/eprint/38021/ https://www.scopus.com/inward/record.uri?eid=2-s2.0-85175471070&doi=10.1109%2fICSECS58457.2023.10256374&partnerID=40&md5=742a6bf6b06f75db6b2e11ab9ade67eb |
| _version_ |
1787138256421257216 |
| score |
13.214268 |