Skip to main content
SpringerLink
Log in

Towards the Weaving of the Characteristics of Good Security Requirements

  • Conference paper
  • First Online:
Risks and Security of Internet and Systems (CRiSIS 2016)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10158))

Included in the following conference series:

Abstract

Over the past two decades, there has been a significant emphasis on the research work towards the amelioration within the discipline of security requirements engineering. Many researchers, international standards and organizations have come up with various methodologies to facilitate the elicitation and evaluation of security requirements. However, the task of deriving good quality requirements still remains challenging. One of the main reasons is that there is no consensus in defining what is a good and a bad requirement. The purpose of this paper is to provide with a survey of various quality characteristics of requirements proposed by various authors from different perspectives. Our survey analysis shows that there are a total of 20 distinctive characteristics that are defined in order to evaluate the quality aspects of requirements.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. ISO, I., IEC, IEEE: ISO/IEC/IEEE 29148:2011 Systems and software engineering – Life cycle processes – Requirements engineering. International Organization for Standardization (2011)

    Google Scholar 

  2. Pohl, K.: Requirements Engineering: Fundamentals, Principles, and Techniques. Springer Publishing Company, Incorporated (2010)

    Google Scholar 

  3. Wieringa, R., Maiden, N., Mead, N., Rolland, C.: Requirements engineering paper classification and evaluation criteria: a proposal and a discussion. Requirements Eng. 11, 102–107 (2006)

    Article  Google Scholar 

  4. Van Lamsweerde, A.: Requirements engineering: from system goals to UML models to software specifications (2009)

    Google Scholar 

  5. Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17, 285–309 (2007)

    Article  Google Scholar 

  6. Hatebur, D., Heisel, M., Schmidt, H.: A pattern system for security requirements engineering. In: The Second International Conference on Availability, Reliability and Security, 2007, ARES 2007, pp. 356–365. IEEE (2007)

    Google Scholar 

  7. Graa, M., Cuppens-Boulahia, N., Autrel, F., Azkia, H., Cuppens, F., Coatrieux, G., Cavalli, A., Mammar, A.: Using requirements engineering in an automatic security policy derivation process. In: Data Privacy Management and Autonomous Spontaneous Security, pp. 155–172. Springer, Heidelberg (2012)

    Google Scholar 

  8. Firesmith, D.: Specifying good requirements. J. Object Technol. 2, 77–87 (2003)

    Article  Google Scholar 

  9. Mills, H.D.: Software Engineering Economics by Barry W. Boehm (1982). Comments on

    Google Scholar 

  10. Walia, G.S., Carver, J.C.: A systematic literature review to identify and classify software requirement errors. Inf. Softw. Technol. 51, 1087–1109 (2009)

    Article  Google Scholar 

  11. Sommerville, I., Sawyer, P.: Requirements Engineering: A Good Practice Guide. Wiley, Hoboken (1997)

    Google Scholar 

  12. Young, R.R.: The Requirements Engineering Handbook. Artech House (2004)

    Google Scholar 

  13. Hull, E., Jackson, K., Dick, J.: Requirements Engineering. Springer Science & Business Media (2010)

    Google Scholar 

  14. Wiegers, K.E.: Writing quality requirements. Softw. Develop. 7, 44–48 (1999)

    Google Scholar 

  15. Egyed, A., Grunbacher, P.: Identifying requirements conflicts and cooperation: how quality attributes and automated traceability can help. IEEE Softw. 21, 50–58 (2004)

    Article  Google Scholar 

  16. Ciechanowicz, Z.: Risk analysis: requirements, conflicts and problems. Comput. Secur. 16, 223–232 (1997)

    Article  Google Scholar 

  17. Massacci, F., Zannone, N.: Detecting Conflicts between Functional and Security Requirements with Secure Tropos: John Rusnak and the Allied Irish Bank. MIT Press, Cambridge (2008). Social modeling for requirements engineering

    Google Scholar 

  18. Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: Anonymous distributed e-cash from bitcoin. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 397–411. IEEE (2013)

    Google Scholar 

Download references

Acknowledgement

This work is part of project IREHDO2 funded by DGA/DGAC. The authors thank M. Michalski and Eric Lacombe, security experts at Airbus, for their useful comments. Finally, we would like to thanks the anonymous reviewers for their valuable inputs.

Author information

Authors and Affiliations

  1. IRIT/Université Paul Sabatier, 118 Route de Narbonne, Toulouse, France

    Sravani Teja Bulusu, Romain Laborde, Ahmad Samer Wazan, Francois Barrère & Abdelmalek Benzekri

Authors
  1. Sravani Teja Bulusu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Romain Laborde
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ahmad Samer Wazan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Francois Barrère
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Abdelmalek Benzekri
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sravani Teja Bulusu .

Editor information

Editors and Affiliations

  1. Telecom Bretagne , Cesson Sevigne CX, France

    Frédéric Cuppens

  2. Telecom Bretagne , Brest Cedex 3, France

    Nora Cuppens

  3. Inria , Rennes Cedex, France

    Jean-Louis Lanet

  4. Inria , Rennes Cedex, France

    Axel Legay

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Bulusu, S.T., Laborde, R., Wazan, A.S., Barrère, F., Benzekri, A. (2017). Towards the Weaving of the Characteristics of Good Security Requirements. In: Cuppens, F., Cuppens, N., Lanet, JL., Legay, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2016. Lecture Notes in Computer Science(), vol 10158. Springer, Cham. https://doi.org/10.1007/978-3-319-54876-0_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-54876-0_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54875-3

  • Online ISBN: 978-3-319-54876-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation