Security Requirements Elicitation via Weaving Scenarios Based on Security Evaluation Criteria

Software is required to comply with the laws and standards of software security. However, stakeholders with less concern regarding security can neither describe the behaviour of the system with regard to security nor validate the system's behaviour when the security function conflicts with usab...

Full description

Saved in:
Bibliographic Details
Main Authors: Itoga, H., Ohnishi, A.
Format: Conference Proceeding
Language:English
Subjects:
Computer security
Costs
Data security
Information security
Programming
Software standards
Software systems
Usability
Weaving
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Software is required to comply with the laws and standards of software security. However, stakeholders with less concern regarding security can neither describe the behaviour of the system with regard to security nor validate the system's behaviour when the security function conflicts with usability. Scenarios or use- case specifications are common in requirements elicitation and are useful to analyse the usability of the system from a behavioural point of view. In this paper, the authors propose a method to weave scenario fragments based on security evaluation criteria into scenarios. The experiments showed that the weaving method led to a better scenario than the method involving writing or modifying the scenario with reference to security evaluation criteria.
ISSN:1550-6002
2332-662X
DOI:10.1109/QSIC.2007.4385482