A Review of Security Requirements Engineering Methods with Respect to Risk Analysis and Model-Driven Engineering

  • Denisse Muñante
  • Vanea Chiprianov
  • Laurent Gallon
  • Philippe Aniorté
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8708)


One of the most important aspects that help improve the quality and cost of secure information systems in their early stages of the development lifecycle is Security Requirements Engineering (SRE). However, obtaining such requirements is non-trivial. One domain dealing also with eliciting security requirements is Risk Analysis (RA). Therefore, we perform a review of SRE methods in order to analyse which ones are compatible with RA processes. Moreover, the transition from these early security requirements to security policies at later stages in the lifecycle is generally non-automatic, informal and incomplete. To deal with such issues, model-driven engineering (MDE) uses formal models and automatic model transformations. Therefore, we also review which SRE methods are compatible with MDE approaches. Consequently, our review is based on criteria derived partially from existing survey works, further enriched and specialized in order to evaluate the compatibility of SRE methods with the disciplines of RA and MDE. It summarizes the evidence regarding this issue so as to improve understanding and facilitate evaluating and selecting SRE methods.


Security requirements engineering risk analysis model-driven engineering review 


  1. 1.
    Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley and Sons (2001)Google Scholar
  2. 2.
    Karpati, P., Sindre, G., Opdahl, A.L.: Characterising and analysing security requirements modelling initiatives. In: Proceedings of the International Conference on Availability, Reliability and Security (ARES), pp. 710–715. IEEE Computer Society (2011)Google Scholar
  3. 3.
    Fabian, B., Gürses, S., Heisel, M., Santen, T., Schmidt, H.: A comparison of security requirements engineering methods. Requir. Eng. 15(1), 7–40 (2010)CrossRefGoogle Scholar
  4. 4.
    Mellado, D., Blanco, C., Sánchez, L.E., Fernández-Medina, E.: A systematic review of security requirements engineering. Computer Standards & Interfaces 32(4), 153–165 (2010)CrossRefGoogle Scholar
  5. 5.
    Salini, P., Kanmani, S.: Survey and analysis on Security Requirements Engineering. Computers & Electrical Engineering 38(6), 1785–1797 (2012)CrossRefGoogle Scholar
  6. 6.
    Mayer, N., Dubois, E., Matulevicius, R., Heymans, P.: Towards a Measurement Framework for Security Risk Management. In: Modeling Security Workshop (MODSEC 2008), in conjunction with the 11th International Conference on Model Driven Engineering Languages and Systems (MODELS 2008), Toulouse, France (September 2008)Google Scholar
  7. 7.
    Jurjens, J.: UMLsec: Extending UML for secure systems development. In: Fifth International Conference on the Unified Modeling Language, Model Engineering, Languages Concepts and Tools (2002)Google Scholar
  8. 8.
    Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Fifth International Conference on the Unified Modeling Language, Model Engineering, Languages Concepts and Tools (2002)Google Scholar
  9. 9.
    N. Mead, E. Houg, T. Stehney: Security quality requirements engineering (SQUARE) Methodology. Technical report CMU/SEI-2005-TR-009. Software Eng. Inst., Carnegie Mellon Univ. (2005)Google Scholar
  10. 10.
    Sindre, G., Opdahl, A.L.: Capturing security requirements by misuse cases. Presented at 14th Norwegian Informatics Conference (NIK 2001), Tromsø, Norway (2001)Google Scholar
  11. 11.
    van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering, May 23-28, pp. 148–157 (2004)Google Scholar
  12. 12.
    Mouratidis, H., Giorgini, P.: Secure tropos: A security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(2), 285–309 (2007)CrossRefGoogle Scholar
  13. 13.
    Elahi, G., Yu, E.: A goal oriented approach for modeling and analyzing security trade-offs. University of Toronto, Department of Computer Science. Technical report (2007)Google Scholar
  14. 14.
    Anton, A.I., Earp, J.B.: Strategies for developing policies and requirements for secure electronic commerce systems. Department of Computer Science, North Carolina State University. Technical report (2000)Google Scholar
  15. 15.
    Braber, F., Hogganvik, I., Lund, M.S., Stolen, K., Vraalsen, F.: Model-based security analysis in seven steps-a guided tour to the CORAS method. BT Technol. J. 25(1), 101–117 (2007)CrossRefGoogle Scholar
  16. 16.
    Asnar, Y., Giorgini, P., Massacci, F., Zannon, N.: From trust to dependability through risk analysis. In: Proceedings of the International Conference on Availability, Reliability and Security (AReS), pp. 19–26. IEEE Computer Society (2007)Google Scholar
  17. 17.
    Mayer, N., Rifaut, A., Dubois, E.: Towards a risk-based security requirements engineering framework. In: Proceedings of the 11th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ 2005), in conjunction with the 17th Conference on Advanced Information Systems Engineering, CAiSE 2005 (2005)Google Scholar
  18. 18.
    Mellado, D., Fernandez-Medina, E., Piattini, M.: Applying a security requirements engineering process. In: Proceedings of the 11th European Conference on Research in Computer Security, Hamburg, Germany, September 18-20, pp. 192–206 (2006)Google Scholar
  19. 19.
    Hervé Schauer Consultants. ISO/IEC 27005:2011 Information technology – Security techniques – Information security risk management (2010)Google Scholar
  20. 20.
    Kleppe, A., Warmer, J., Bast, W.: MDA explained the model driven architecture: Practice and promise. Addison-Wesley, Boston (2003)Google Scholar
  21. 21.
    Yue, T., Briand, L.C., Labiche, Y.: A systematic review of transformation approaches between user requirements and analysis models. Requirements Engineering 16(2), 75–99 (2011)CrossRefGoogle Scholar
  22. 22.
    Muñante, D., Gallon, L., Aniorté, P.: An approach based on Model-driven Engineering to define Security Policies using the access control model OrBAC. In: The Eight International Workshop on Frontiers in Availability, Reliability and Security (FARES 2013), in conjonction with the 8th ARES Conference (ARES 2013), September 2-6. University of Regensburg, Germany (2013)Google Scholar
  23. 23.
    Ledru, Y., Richier, J., Idani, A., Labiadh, M.: From KAOS to RBAC: A Case Study in Designing Access Control Rules from a Requirements Analysis. In: 6 me Conference sur la Scurit des Architectures Rseaux et des Systmes d’Information (SARSSI 2011). La Rochelle, France (2011)Google Scholar
  24. 24.
    Mouratidis, H., Jürjens, J., Fox, J.: Towards a comprehensive framework for secure systems development. In: Martinez, F.H., Pohl, K. (eds.) CAiSE 2006. LNCS, vol. 4001, pp. 48–62. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  25. 25.
    Graa, M., Cuppens-Boulahia, N., Autrel, F., Azkia, H., Cuppens, F., Coatrieux, G., Cavalli, A., Mammar, A.: Using Requirements Engineering in an Automatic Security Policy Derivation Process. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM 2011 and SETOP 2011. LNCS, vol. 7122, pp. 155–172. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  26. 26.
    Mead, N.R., Allen, J.H., Barnum, S.J., Ellison, R.J., McGraw, G.: Software Security Engineering: A Guide for Project Managers. Addison-Wesley Professional (2004)Google Scholar
  27. 27.
    Matulevicius, R., Mayer, N., Mouratidis, H., Dubois, E., Heymans, P., Genon, N.: Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development. In: Bellahsène, Z., Léonard, M. (eds.) CAiSE 2008. LNCS, vol. 5074, pp. 541–555. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  28. 28.
    Braber, F., Dimitrakos, T., Gran, B.A., Lund, M.S., Stolen, K., Aagedal, J.O.: The CORAS methodology: Model-based risk assessment using UML and UP. In: UML and the Unified Process, pp. 332–357. IGI Publishing (2003)Google Scholar
  29. 29.
    Lin, L., Nuseibeh, B., Ince, D., Jackson, M.: Using Abuse Frames to Bound the Scope of Security Problems. In: Proceedings of the 12th IEEE International Conference on Requirements Engineering (RE 2004), pp. 354–355. IEEE Computer Society (2004)Google Scholar
  30. 30.
    Hatebur, D., Heisel, M., Schmidt, H.: A security engineering process based on patterns. In: Proceedings of the International Workshop on Secure Systems Methodologies Using Patterns (SPatterns), pp. 734–738. IEEE Computer Society (2007)Google Scholar
  31. 31.
    Beckers, K., Hatebur, D., Heisel, M.: A problem-based threat analysis in compliance with Common Criteria. In: Proceedings of the International Conference on Availability, Reliability and Security (ARES 2013), pp. 111–120 (2013)Google Scholar
  32. 32.
    Haley, C.B., Laney, R., Moffett, J., Nuseibeh, B.: Security requirements engineering: A framework for representation and analysis. IEEE Trans. Softw. Eng. 34(1), 133–153 (2008)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Denisse Muñante
    • 1
  • Vanea Chiprianov
    • 1
  • Laurent Gallon
    • 1
  • Philippe Aniorté
    • 1
  1. 1.LIUPPA University of PauFrance

Personalised recommendations