Security Requirements Assurance: An Assurance Case Perspective

In the current era, software security requirements domain has changed thoroughly, and has been considered an essential aspect for software quality. Machine learning and artificial intelligence have become the emerging trends to automate the identification and specification of security requirements. As an active research area, security requirements specifications are recognized and persuaded in software engineering and security assurance communities. Overfitting of security requirements after system design can result in security issues in current system architecture. Consistency, completeness, and correctness are critical requirements for ensuring the effectiveness of systems architecture. However, without these security requirements, the system is vulnerable to attacks and organization's assets, and its reputation is at risk. Moreover, it increases the cost and time to fix the security problem. Therefore, to avoid such problems security requirements need to be identified more precisely and consistently. Realizing the benefits of assurance case, A conceptual framework is proposed for identification of security requirements correctness, consistency and completeness using assurance case. Objective of the proposed conceptual framework to assist the security requirement engineer to identify the security requirements using assurance case during requirement phase i.e., the security requirements are correct, complete, and consistent. The proposed conceptual framework involves five phases: (1) assets identification, (2) threat identification, (3) security objectives, (4) security requirements identification and (5) security requirement assessment. © 2023 IEEE.