Experimental Evaluation of Security Requirements Engineering Benefits

Cited by: 0
Authors
Boutahar, Jaouad [1]
Maskani, Ilham [2]
El Ghazi El Houssaini, Souhail [1]
Affiliations
[1] EHTP, Syst Architectures & Networks Team, Casablanca, Morocco
[2] Hassan II Univ, ENSEM, LISER Lab, Casablanca, Morocco
Keywords
Software security; security requirements engineering; security evaluation; security testing;
DOI
Not available
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Security Requirements Engineering (SRE) approaches are designed to improve information system security by considering security requirements at the beginning of the software development lifecycle. This paper is a quantitative evaluation of the benefits of applying such an SRE approach. The methodology followed was to develop two versions of the same web application, with and without using SRE, and then compare the level of security in each version by running different test tools. The results clearly support the benefits of the early use of SRE, with a 38% security improvement in the secure version of the application. This security benefit reaches 67% for high severity vulnerabilities, leaving only non-critical and easy-to-fix vulnerabilities.
Pages: 411 / 415
Page count: 5
Related papers
50 in total
  • [1] THE SECURITY ENGINEERING DESIGN PROCESS, AN EVALUATION PROCEDURE FOR PHYSICAL SECURITY REQUIREMENTS
    BETTS, CP
    STRUCTURES FOR ENHANCED SAFETY AND PHYSICAL SECURITY, 1989, : 61 - 72
  • [2] BPMN extension evaluation for security requirements engineering framework
    Zareen, Saima
    Anwar, Syed Muhammad
    REQUIREMENTS ENGINEERING, 2024, 29 (02) : 261 - 278
  • [3] A Systematic Review and Analytical Evaluation of Security Requirements Engineering Approaches
    Mohammad, Malik Nadeem Anwar
    Nazir, Mohammed
    Mustafa, Khurram
    ARABIAN JOURNAL FOR SCIENCE AND ENGINEERING, 2019, 44 (11) : 8963 - 8987
  • [4] A Systematic Review and Analytical Evaluation of Security Requirements Engineering Approaches
    Malik Nadeem Anwar Mohammad
    Mohammed Nazir
    Khurram Mustafa
    Arabian Journal for Science and Engineering, 2019, 44 : 8963 - 8987
  • [5] Capturing the benefits of requirements engineering
    Sawyer, P
    Sommerville, I
    Viller, S
    IEEE SOFTWARE, 1999, 16 (02) : 78 - +
  • [6] Security and trust requirements engineering
    Giorgini, P
    Massacci, F
    Zannone, N
    FOUNDATIONS OF SECURITY ANALYSIS AND DESIGN III, 2005, 3655 : 237 - 272
  • [7] Applying the physics of notation to the evaluation of a security and privacy requirements engineering methodology
    Diamantopoulou, Vasiliki
    Mouratidis, Haralambos
    INFORMATION AND COMPUTER SECURITY, 2018, 26 (04) : 382 - 400
  • [8] Which Security Requirements Engineering Methodology Should I Choose? Towards a Requirements Engineering-based Evaluation Approach
    Bulusu, Sravani Teja
    Laborde, Romain
    Wazan, Ahmad Samer
    Barrere, Francois
    Benzekri, Abdelmalek
    PROCEEDINGS OF THE 12TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY (ARES 2017), 2017,
  • [9] Survey and analysis on Security Requirements Engineering
    Salini, P.
    Kanmani, S.
    COMPUTERS & ELECTRICAL ENGINEERING, 2012, 38 (06) : 1785 - 1797
  • [10] Applying a security requirements engineering process
    Mellado, Daniel
    Fernandez-Medina, Eduardo
    Piattini, Mario
    COMPUTER SECURITY - ESORICS 2006, PROCEEDINGS, 2006, 4189 : 192 - 206