Application of Model Oriented Security Requirements Engineering Framework for secure E-Voting
2012 CSI Sixth International Conference on Software Engineering (CONSEG)
Security engineering is a new research area in software engineering that covers the definition of processes, plans and designs for security. The researchers are working in this area and however there is a lack in security requirements treatment in this field. Requirements engineering is a major action that begins during the communication activity and continues into the modeling activity. Requirements engineering builds a bridge to design and construction. The security requirements is one of the
... non functional requirements which acts as constrains on the functions of the system, but our view is that security requirements to be considered as functional requirements and to be analyzed during the earlier phase of software development i.e. Requirements engineering phase. An increasing part of the communication and sharing of information in our society utilizes electronic media. Many organizations, especially distributed and Net-centric are entirely dependent on well functioning information systems. Thus IT security is becoming central to the ability to fulfill business goals, build trustworthy systems, and protect assets. In order to develop systems with adequate security features, it is essential to capture the corresponding security needs and requirements. It is called as the Security requirements engineering, which is emerging as a branch of software engineering, International Journal of Computer Engineering and Technology (IJCET), 181 spurred by the realization that security must be dealt with early during requirements phase. In this paper we have proposed a framework for Security Requirements Engineering and comparison is made with other Security Requirements Engineering methods. We explore in this section Security Requirements, its issues and Haley and his colleague's framework for Security Requirements .We provide the related works and challenges to web applications. A. SECURITY REQUIREMENTS Security Requirements is defined as constraints on the functions of the system, and these constraints operationalize one or more security goals. But most requirements engineers are poorly trained to elicit, analyze, and specify security requirements, often confusing them with the architectural security mechanisms that are traditionally used to fulfill them. They thus end up specifying architecture and design constraints rather than true security requirements. This paper presents the different types of security requirements and provides associated examples with the intent of enabling requirements engineers to adequately specify security requirements without unnecessarily constraining the security and architecture teams from using the most appropriate security mechanisms for the job.