Reusable Security Requirements Repository Implementation Based on Application/System Components


Sonmez F. O., GÜNEL KILIÇ B.

IEEE ACCESS, vol.9, pp.165966-165988, 2021 (SCI-Expanded)

  • Publication Type: Article
  • Volume: 9
  • Publication Date: 2021
  • Doi Number: 10.1109/access.2021.3133020
  • Journal Name: IEEE ACCESS
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC, Directory of Open Access Journals
  • Page Numbers: pp.165966-165988
  • Keywords: Security, Unified modeling language, Software, Requirements engineering, Companies, Standards organizations, Risk analysis, Computer security, information security, requirement's engineering, software reusability
  • Middle East Technical University Affiliated: Yes

Abstract

Forming high-quality requirements has a direct impact on project success. Gathering security requirements can be challenging, since it demands a multidisciplinary approach and security expertise. A security requirements repository offers an effective alternative for addressing this challenge. The main objective of this paper is to present the design of a practical repository model for reusable security requirements that is easy to use and understand even for non-security experts. The paper also describes an approach and a software tool for using this model to determine subtle security requirements for improved coverage. The proposed repository consists of attributes determined by examining common security problems covered in state-of-the-art publications. A test repository was prepared using specification files and Common Criteria documents. The outcomes of applying the proposed model were compared with the sample requirement sets included in the state-of-the-art publications. The results reveal that in the absence of a security requirements repository, key security points can be missed. The repository improves the completeness of the security terms with reasonable effort.