Title :
On Selecting Appropriate Development Processes and Requirements Engineering Methods for Secure Software
Author :
Khan, Muhammad Umair Ahmed ; Zulkernine, Mohammed
Author_Institution :
Sch. of Comput., Queen's Univ. Kingston, Kingston, ON, Canada
Abstract :
To avoid security vulnerabilities, there are many secure software development efforts in the directions of secure software development life cycle processes, security specification languages, and security requirements engineering processes. In this paper, we compare and contrast various secure software development processes based on a number of characteristics that such processes should have. We also analyze security specification languages with respect to desirable properties of such languages. Furthermore, we identify activities that should be performed in a security requirements engineering process to derive comprehensive security requirements. We compare different security requirements engineering processes based on these activities. Our analysis shows that many of the secure software requirements engineering methods lack some of the desired properties. The comparative study presented in this paper will provide guidelines to software developers for selecting specific methods that will fulfill their needs in building secure software applications.
Keywords :
formal specification; security of data; requirement engineering method; secure software; security specification language; software development life cycle process; Application software; Buildings; Computer applications; Computer security; Guidelines; Process design; Programming; Protection; Software engineering; Specification languages; Software security; secure software development process; software security requirements engineering
Conference_Titel :
Computer Software and Applications Conference, 2009. COMPSAC '09. 33rd Annual IEEE International
Conference_Location :
Seattle, WA
Print_ISBN :
978-0-7695-3726-9
DOI :
10.1109/COMPSAC.2009.206