Identifying Security Requirements Hybrid Technique

There were times when software systems and networks posed no or very little security problems. However, with expanding connectivity during last few years problem of security has been making headlines. This is due to increase in threat environment and breach of security vital to the interest of end users. Keeping in view the security requirements in the present system all the attack points which can be threatened have to be identified, analyzed and remedial measures taken at the initial stage of software development process. The use of multiple techniques is the subject of research for deriving security requirements. In this paper, we are overlapping misuse case and attack trees techniques to propose a new technique named "Hybrid Technique". This Hybrid Technique merges the strengths of misuse cases and attack trees making the system stronger to mitigate weaknesses effectively in large and complex systems. In our approach we firstly identify threats using the concepts of threat modeling, and then map these threats into security requirements using Hybrid Technique. In the case study, we have used this technique for specifying security requirements for wireless hotspots.