Problem-based Elicitation of Security Requirements - The ProCOR Method

Roman Wirtz, Maritta Heisel, Rene Meis, Aida Omerovic, Ketil Stølen

2018

Abstract

Security is of great importance for many software systems. The security of a software system can be compromised by threats, which may harm assets with a certain likelihood, thus constituting a risk. All such risks should be identified, and unacceptable risks should be reduced, which gives rise to security requirements. The relevant security requirements should be known right from the beginning of the software development process. Eliciting security requirements should be done in a systematic way. We propse a method to elicit security requirements that address unacceptable risks. They require a reduction of the risk to an acceptable level. Our method combines the CORAS risk management method with Jackson’s problem-based requirements analysis approach. Based on the functional requirements for a software system, security risks are identified and evaluated. Unacceptable risks give rise to high-level security requirements. To reduce the risk, treatments are selected. Based on the selected treatments, concretized security requirements are set up and represented in a similar way as functional requirements. Thus, both functional and security requirements can then drive the software development process.

Download


Paper Citation


in Harvard Style

Wirtz R., Heisel M., Meis R., Omerovic A. and Stølen K. (2018). Problem-based Elicitation of Security Requirements - The ProCOR Method.In Proceedings of the 13th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE, ISBN 978-989-758-300-1, pages 26-38. DOI: 10.5220/0006669400260038


in Bibtex Style

@conference{enase18,
author={Roman Wirtz and Maritta Heisel and Rene Meis and Aida Omerovic and Ketil Stølen},
title={Problem-based Elicitation of Security Requirements - The ProCOR Method},
booktitle={Proceedings of the 13th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,},
year={2018},
pages={26-38},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006669400260038},
isbn={978-989-758-300-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 13th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,
TI - Problem-based Elicitation of Security Requirements - The ProCOR Method
SN - 978-989-758-300-1
AU - Wirtz R.
AU - Heisel M.
AU - Meis R.
AU - Omerovic A.
AU - Stølen K.
PY - 2018
SP - 26
EP - 38
DO - 10.5220/0006669400260038