Examination and Classification of Security Requirements of Software Systems

There exist different classifications of software requirements having direct impact on requirement engineering and software analysis. These classifications usually categorize requirements into two classes of functional and non-functional requirements. Contrary to the non-functional requirements, there are many methods and tools supporting verification, analysis, and design of functional requirements from the early phases of the project. Since security requirements are vital in a system, their kind of classification as functional or non-functional requirements are very important in engineering and development of secure systems. Current approaches consider security requirements as non-functional requirements and security validation and verification are deferred until the test phase. This causes security weakness in the target system and solving security leaks costs very much. Some of the approaches also develop an isolated security engineering process but it puts extra overhead as a non-standard process and decreases integrity of analysis. In this paper, some of the major classifications are examined and compared, and finally, the new classification is proposed