Modeling Security Requirements: Extending SysML with Security Requirements Engineering Concepts

Maskani, Ilham; Boutahar, Jaouad; Houssaïni, Souhaïl El Ghazi El

doi:10.5120/ijais2017451731

Search citation statements

Order By: Relevance

Paper Sections

Select...

B Compasre1

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2018

Publication Types

Select...

Article1

Other1

Relationship

Self Cite1

Independent1

Authors

Journals

Cited by 2 publications

(1 citation statement)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Once requirements are elicited (through phase 2 or 3), they must be modeled. The model created to be used with CompASRE or other SRE approaches is an extension of SysML requirements diagrams [6] and was presented in detail in previous paper [7]. In phase 4, elicited requirements are categorized and prioritized, then inspected for validation to resolve conflicts and eliminate redundancies.…”

Section: B Compasrementioning

confidence: 99%

Experimental Evaluation of Security Requirements Engineering Benefits

Boutahar¹,

Maskani²,

El³

2018

ijacsa

Self Cite

View full text Add to dashboard Cite

Security Requirements Engineering (SRE) approaches are designed to improve information system security by thinking about security requirements at the beginning of the software development lifecycle. This paper is a quantitative evaluation of the benefits of applying such an SRE approach. The followed methodology was to develop two versions of the same web application, with and without using SRE, then comparing the level of security in each version by running different test tools. The subsequent results clearly support the benefits of the early use of SRE with a 38% security improvement in the secure version of the application. This security benefit reaches 67% for high severity vulnerabilities, leaving only non-critical and easy-tofix vulnerabilities.

show abstract

Section: B Compasrementioning

confidence: 99%