Model Oriented Security Requirements Engineering (MOSRE) Framework for Web Applications

  • P. Salini
  • S. Kanmani
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 177)


In the recent years, tasks such as the Security Requirements Elicitation, the Specification of Security Requirements or the Security requirements Validation are essential to assure the Quality of the resulting software. An increasing part of the communication and sharing of information in our society utilizes Web Applications. Last two years have seen a significant surge in the amount of Web Application specific vulnerabilities that are disclosed to the public because of the importance of Security Requirements Engineering for Web based systems and as it is still under estimated. Therefore a thorough Security Requirements analysis is even more relevant. In this paper, we propose a Model oriented framework to Security Requirement Engineering (MOSRE) for Web Applications and applied our framework for E-Voting system. By applying Modeling technologies to Requirement phases, the Security requirements and domain knowledge can be captured in a well-defined model and it is better than traditional process.


Secure Security Requirements Security Requirements Engineering Web Applications 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    CLUSIF, Web Application Working Group, Web application security, managing web application security risks, Technical Studies (March 2010),
  2. 2.
    Jacobson, I.: Modeling with Use Cases: Formalizing Use Case Modelling. Journal of Object-Oriented Programming (1995)Google Scholar
  3. 3.
    UML. Unified Modeling Language. Version 1.5 (2003),
  4. 4.
    Meier, J.D., Mackman, A., Dunner, M., Vasireddy, S., Escamilla, R., Murukan, A.: Improving Web Application Security:Threats and Countermeasures. Microsoft Corporation (June 2003)Google Scholar
  5. 5.
    Mead, R., Houg, E.D., Stehney, T.R.: Security Quality Requirements Engineering (Square) Methodology, tech. report CMU/SEI-2005-TR-009, Software Eng. Inst., Carnegie Mellon Univ. (2005)Google Scholar
  6. 6.
    Swiderski, Frank, Syndex: Threat Modeling. Microsoft Press (2004)Google Scholar
  7. 7.
    Sindre, G., Opdah, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. 10, 34–44 (2005)CrossRefGoogle Scholar
  8. 8.
    José Escalona, M., Koch, N.: Requirements Engineering for Web Applications – A Comparative Study. Journal of Web Engineering 2(3), 193–212 (2004)Google Scholar
  9. 9.
    Lee, H., Lee, C., Yoo, C.: A Scenario-based Object-oriented Methodology for Developing Hypermedia Information Systems. In: Sprague, R. (ed.) Proceedings of 31st Annual Conference on Systems Science (1998)Google Scholar
  10. 10.
    Bieber, M., Galnares, R., Lu, Q.: Web Engineering and Flexible Hypermedia. In: The Second Workshop on Adaptive Hypertext and Hypermedia, Hypertext 1998, Pittsburg, USA (1998)Google Scholar
  11. 11.
    Haley, C.B., Laney, R., Moffett, J.D., Nuseibeh, B.: Security Requirements engineering: A Framework for Representation and Analysis. IEEE Transaction on Software Eng. 34(1), 133–152 (2008)CrossRefGoogle Scholar
  12. 12.
    Dubois, E., Mouratidis, H.: Guest editorial: security requirements engineering: past, present and future. Requirements Eng. 15, 1–5 (2010)CrossRefGoogle Scholar
  13. 13.
    Fabian, B., Gurses, S., Heisel, M., Santen, T., Schmidt, H.: A comparison of security requirements engineering methods. Requirements Eng., Special Issue Security Requirements Engineering 15, 7–40 (2010)Google Scholar
  14. 14.
    Houmb, S.H., Islam, S., Knauss, E., Jurjens, J., Schneider, K.: Eliciting security requirements and tracing them to design: An integration of Common Criteria, heuristics, and UMLsec. Requirements Eng., Special Issue Security Requirements Engineering 15, 63–93 (2010)Google Scholar
  15. 15.
    Hadavi, M.A., Hamishagi, V.S., Sangchi, H.M.: Security Requirements Engineering; State of the Art and Research Challenges. In: Proceedings of the International Multi Conference of Engineers and Computer Scientists, IMECS 2008, Hong Kong, vol. I, pp. 19–21 (March 2008)Google Scholar
  16. 16.
    Wang, H., Jia, Z., Shen, Z.: Research in security requirements engineering process, pp. 1285–1288. IEEE (2009)Google Scholar
  17. 17.
    Jain, S., Ingle, M.: Software Security Requirements Gathering Instrument. International Journal of Advanced Computer Science and Applications (IJACSA) 2(7), 116–129 (2011)Google Scholar
  18. 18.
    Chandrabose, A., Alagarsamy, K.: Security Requirements Engineering – A Strategic Approach. International Journal of Computer Applications (0975 – 8887) 13(3), 25–32 (2011)Google Scholar
  19. 19.
    Pandey, D., Suman, U., Ramani, A.K.: Security Requirement Engineering Issues in Risk Management. International Journal of Computer Applications (0975 – 8887) 17(5), 12–14 (2011)Google Scholar
  20. 20.
    Firesmith, D.: Engineering Security Requirements. Journal of Object Technology 2(1), 53–68 (2003), CrossRefGoogle Scholar
  21. 21.
    Apvrille, A., Pourzandi, M.: Secure Software Development by Example. IEEE Security & Privacy 3(4), 10–17 (2005)CrossRefGoogle Scholar
  22. 22.
    Graham, D.: Introduction to the CLASP Process. Build Security (2006),

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringPondicherry Engineering CollegePilaichavadyIndia
  2. 2.Department of Information TechnologyPondicherry Engineering CollegePilaichavadyIndia

Personalised recommendations