Janisar, A.A. and Kalid, K.S.B. and Sarlan, A.B. and Gilal, A.R. (2023) Security Requirements Assurance: An Assurance Case Perspective. In: UNSPECIFIED.
Full text not available from this repository.Abstract
In the current era, software security requirements domain has changed thoroughly, and has been considered an essential aspect for software quality. Machine learning and artificial intelligence have become the emerging trends to automate the identification and specification of security requirements. As an active research area, security requirements specifications are recognized and persuaded in software engineering and security assurance communities. Overfitting of security requirements after system design can result in security issues in current system architecture. Consistency, completeness, and correctness are critical requirements for ensuring the effectiveness of systems architecture. However, without these security requirements, the system is vulnerable to attacks and organization's assets, and its reputation is at risk. Moreover, it increases the cost and time to fix the security problem. Therefore, to avoid such problems security requirements need to be identified more precisely and consistently. Realizing the benefits of assurance case, A conceptual framework is proposed for identification of security requirements correctness, consistency and completeness using assurance case. Objective of the proposed conceptual framework to assist the security requirement engineer to identify the security requirements using assurance case during requirement phase i.e., the security requirements are correct, complete, and consistent. The proposed conceptual framework involves five phases: (1) assets identification, (2) threat identification, (3) security objectives, (4) security requirements identification and (5) security requirement assessment. © 2023 IEEE.
Item Type: | Conference or Workshop Item (UNSPECIFIED) |
---|---|
Impact Factor: | cited By 0; Conference of 8th IEEE International Conference on Software Engineering and Computer Systems, ICSECS 2023 ; Conference Date: 25 August 2023 Through 27 August 2023; Conference Code:192961 |
Uncontrolled Keywords: | Artificial intelligence; Computer architecture; Cryptography; Requirements engineering; Specifications, 'current; Asset identification; Assurance case; Conceptual frameworks; Requirement engineering; Security objectives; Security requirements; Security standards; Systems architecture; Threat, Computer software selection and evaluation |
Depositing User: | Mr Ahmad Suhairi Mohamed Lazim |
Date Deposited: | 11 Dec 2023 03:01 |
Last Modified: | 11 Dec 2023 03:01 |
URI: | http://scholars.utp.edu.my/id/eprint/38021 |