
Software Security Requirements Engineering: State of the Art

  • Conference paper
Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security (ICGS3 2015)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 534))

Included in the following conference series:

  • International Conference on Global Security, Safety, and Sustainability

Abstract

Software engineering has established techniques, methods and technology over more than two decades. However, because software security vulnerabilities are still poorly understood, those established software engineering principles have not been applied as successfully when developing secure software systems. Software security cannot simply be added after a system has been built and delivered to customers, as is seen in many of today's software applications. This keynote paper provides concise methods, techniques and best-practice requirements guidelines on software security, and discusses an Integrated-Secure SDLC model (IS-SDLC) that will benefit practitioners, researchers, learners and educators.



Author information


Correspondence to Muthu Ramachandran .


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ramachandran, M. (2015). Software Security Requirements Engineering: State of the Art. In: Jahankhani, H., Carlile, A., Akhgar, B., Taal, A., Hessami, A., Hosseinian-Far, A. (eds) Global Security, Safety and Sustainability: Tomorrow's Challenges of Cyber Security. ICGS3 2015. Communications in Computer and Information Science, vol 534. Springer, Cham. https://doi.org/10.1007/978-3-319-23276-8_28


  • DOI: https://doi.org/10.1007/978-3-319-23276-8_28


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23275-1

  • Online ISBN: 978-3-319-23276-8

  • eBook Packages: Computer Science (R0)
