A comparison of security requirements engineering methods

Benjamin Fabian, Seda Gürses, Maritta Heisel, Thomas Santen, Holger Schmidt
2009 Requirements Engineering  
This paper presents a conceptual framework for security engineering, with a strong focus on security requirements elicitation and analysis. This conceptual framework establishes a clear-cut vocabulary and makes explicit the interrelations between the different concepts and notions used in security engineering. Further, we apply our conceptual framework to compare and evaluate current security requirements engineering approaches, such as the Common Criteria, Secure Tropos, SREP, MSRA, as well as
more » ... methods based on UML and problem frames. We review these methods and assess them according to different criteria, such as the general approach and scope of the method, its validation, and quality assurance capabilities. Finally, we discuss how these methods are related to the conceptual framework and to one another.
doi:10.1007/s00766-009-0092-x fatcat:eaw5fvp2yjbwtpucnk6fzwglmy