Reusable Knowledge in Security Requirements Engineering: a Systematic Mapping Study

Reusable Knowledge in Security Requirements Engineering: a Systematic Mapping Study

Requirements Eng DOI 10.1007/s00766-015-0220-8 ORIGINAL ARTICLE Reusable knowledge in security requirements engineering: a systematic mapping study Amina Souag • Rau´l Mazo • Camille Salinesi • Isabelle Comyn-Wattiau Received: 31 January 2014 / Accepted: 14 January 2015 Ó Springer-Verlag London 2015 Abstract Security is a concern that must be taken into (3) previous surveys were updated. We conclude that most consideration starting from the early stages of system de- methods should introduce more reusable knowledge to velopment. Over the last two decades, researchers and manage security requirements. engineers have developed a considerable number of methods for security requirements engineering. Some of Keywords Reusability Á Security requirements Á them rely on the (re)use of security knowledge. Despite Knowledge Á Ontologies Á Patterns Á Templates some existing surveys about security requirements engi- neering, there is not yet any reference for researchers and practitioners that presents in a systematic way the existing 1 Introduction and motivation proposals, techniques, and tools related to security knowledge reuse in security requirements engineering. The There is a clear trend nowadays to consider systems se- aim of this paper is to fill this gap by looking into drawing curity at the requirements engineering stage. Formerly, a picture of the literature on knowledge and reuse in se- security requirements were considered as technical choices curity requirements engineering. The questions we address made during implementation, resulting in late and expen- are related to methods, techniques, modeling frameworks, sive attempts to shoehorn security into the system in pro- and tools for and by reuse in security requirements engi- gress. This is particularly true with information systems neering. We address these questions through a systematic (IS). Security requirements engineering (SRE) allows IS mapping study. The mapping study was a literature review developers to predict the threats, their consequences and conducted with the goal of identifying, analyzing, and countermeasures before a system is in place, rather than as categorizing state-of-the-art research on our topic. This a reaction to possibly disastrous attacks [1]. SRE is con- mapping study analyzes more than thirty approaches, cerned with protecting assets from harm [2]. To cope with covering 20 years of research in security requirements these issues, an increasing number of publications, con- engineering. The contributions can be summarized as fol- ference tracks, and workshops in recent years point out the lows: (1) A framework was defined for analyzing and growing interest of researchers and practitioners in pro- comparing the different proposals as well as categorizing viding SRE processes with various frameworks and future contributions related to knowledge reuse and secu- methods. Some of them are extensions of goal-oriented rity requirements engineering; (2) the different forms of approaches, like secure i* [3], secure tropos [4], KAOS, knowledge representation and reuse were identified; and and anti-models [5]. Others are built on the object para- digm, mainly UML-based, such as misuse cases [6], se- curity use cases [7], secure UML [8], and UMLSec [9]. A. Souag (&) Á R. Mazo Á C. Salinesi At a high level of abstraction, every application tends to CRI, Panthe´on Sorbonne University, Paris, France have the same basic kinds of vulnerable assets (e.g., data, e-mail: [email protected] communications, services, hardware components, and I. Comyn-Wattiau personnel). Similarly, these vulnerable assets tend to be CEDRIC-CNAM & ESSEC Business School, Paris, France subject to the same basic kinds of security threats (e.g., 123 Requirements Eng theft, vandalism, unauthorized disclosure, destruction, results and answers of the research questions. Section 6 fraud, extortion, and espionage) from attacks by the same reports the related works. Section 7 discusses threats to basic kinds of attackers (e.g., hackers, crackers, disgruntled validity of our mapping study. Finally, Sect. 8 concludes employees, international cyber terrorists, and industrial this paper. spies) who can be profiled with motivations and their typical levels of expertise and tools. Furthermore, security requirements tend to be even more standardized than their 2 Knowledge reuse in security requirements associated mechanisms. For example, to address the iden- engineering tification and authentication requirements, one may have several choices of architectural mechanisms beyond user Back in 1993, the second International Workshop on ID and passwords [10]. Based on these facts, reuse of re- Software Reusability was held in Lucca, Italy. Most of the quirements could lead to significant savings in develop- papers presented at this event focused on reusing code, ment time and cost [11]. Nowadays, the research design, or architecture. In other words, the thinking was community in SRE as well as practitioners has a vague idea that mainly the hard artifacts—code, object, and so on— of existing literature for handling knowledge reuse among could be reused. Very few papers looked at the idea of existing SRE approaches. For instance, a quick research reuse earlier in the IS life cycle, namely reusing require- indicates that some of the approaches propose a catalog of ments themselves. Active areas of reuse research in the attacks [12], while others rely on patterns [13]. However, a past 20 years include reuse libraries, domain engineering systematic mapping study and analysis of existing security methods and tools, reuse design, design patterns, domain- requirements engineering methods that make (re)use of specific software architecture, software componentry [14], knowledge is still lacking. generators, measurement, and experimentation [15]. This paper presents a structured and systematic mapping Nowadays, the practice of reuse is moving upstream, study of several articles related to knowledge reuse and and reuse is also concerned with more abstract artifacts. security requirements engineering from the last two Requirements are commonly recycled; patterns are ex- decades. changed on the Internet. The notion of reuse at the re- The goals of this research can be summarized as fol- quirements stage is largely accepted by many within the lows: (1) to update existing literature surveys related to community as a desirable aim [16]. For instance, a working SRE with recent researches, (2) to identify the (re)used conference on patterns (Pattern Languages of Programs) is knowledge in SRE, (3) to distinguish the different types of held twice a year and results in the sharing of knowledge knowledge reuse structures in SRE, and (4) to understand and publication of new patterns [17]. their use. Our research method considers the state of the art Requirement reuse can be defined as either taking re- in security requirements literature. More specifically, this quirements that have been written for previous projects and mapping study must find answers to the following ques- then using them for a new project, or writing requirements tions: Do the security requirements engineering methods from scratch at a reasonable level of generality and ab- rely on reusability of knowledge? What are the reusable straction in order to use them over different projects. For elements? How are they represented, modeled? How are instance, it is possible to reuse different types of data, they (re)used? Are the knowledge-based approaches tool ranging from business requirements and functional re- supported? quirements to use cases and test cases. Since requirements A framework was defined to understand the different engineering is the first phase in the software development proposals and classify new contributions in the future. Over process, requirements reuse can empower the software life 100 proposals were analyzed from which the paper reports cycle. Previous research [18] has pointed out that reusing the knowledge reuse situation of 30 methods. the first software products and processes implemented in a The main target audiences of this mapping study are development project can have an impact on the life cycle researchers and especially Ph.D. students in the field of from two basic points of view: (a) allowing the software security requirements, but also tool developers or practi- development resources to be more profitable and (b) pro- tioners who are interested in the field. moting reuse-based development across the entire software The paper is structured as follows. Section 2 presents a process. short introduction to knowledge reuse in security require- During the last decade, given the common nature of ments engineering. Section 3 gives an overview of our security problems across applications and application do- research method. Section 4 presents the process and results mains, researchers paid some attention to the benefits of of the conducted systematic mapping study to get an reuse in SRE process [10]. Security knowledge is hard to overview of existing security requirements approaches acquire. In addition to awareness about potential attacks, based on knowledge reuse. Section 5 summarizes the designing security-critical systems requires knowledge and 123 Requirements Eng security expertise in various fields such as computer net- performed based on these guidelines (cf. Fig. 1), to identify works, operating systems, communication protocols, questions and answers raised by the research community on cryptography algorithms, and access control methods. knowledge

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    33 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us