Formality of the Security Specification Process: Benefits Beyond Requirements

Jose Romero-Mariona, Hadar Ziv, Debra J. Richardson
2010 43rd Hawaii International Conference on System Sciences
An important difference among approaches to software requirements specification is the degree of formality of the specification process itself. In this paper we explore 12 approaches to security requirements specification. We divide the 12 approaches into two distinct groups, those that follow a formal specification process and those that follow an informal one. We evaluate and compare the benefits that each group of approaches offers in six key areas, including resulting system's security, scalability, security requirements integration, constraint consideration, testing benefits, and integration of other requirements. Our analysis shows that security requirements specified using a formal process are highly correlated with benefits that go beyond the requirements stage, compared to requirements specified using an informal process.
doi:10.1109/hicss.2010.212 dblp:conf/hicss/Romero-MarionaZR10 fatcat:rg2pk3nnfncdddbkqdrseaaruu