C. Busby-Earle and E.K. Mugisa (Jamaica)
Software security, Requirements engineering, Imposed security dependence, Security concerns, Derived requirements.
Consistency is an important characteristic of well written requirements. The use of requirement boilerplates in developing derived requirements (DR) for the identification of software security concerns makes this requirement attribute crucial. It is challenging in the context of security, to provide requirements engineers (RE) with a flexible and scalable vocabulary for boilerplate placeholder values (BPV) while maintaining consistency in these BPVs. In this paper we propose metadata for defining elements for a list of BPVs that imposes consistency and facilitates the identification of potential security concerns using DRs and the Secure Requirements Writer (SECRET) tool we are developing. We also introduce our concept of imposed security dependence, an important element of the metadata. Finally we demonstrate the use of the model by creating a small, illustrative BPV vocabulary and show how it is integrated into the SECRET tool.
Important Links:
Go Back
