System security requirements: A framework for early identification, specification and measurement of related software requirements

Meridji, Kenza; Al-Sarayreh, Khalid T.; Abran, Alain; Trudel, Sylvie

doi:10.1016/j.csi.2019.04.005

Cited by 15 publications

(18 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The current design phase involves a Indonesian J Elec Eng & Comp Sci ISSN: 2502-4752  broad set of activities and tasks based on the identified requirements and prepared these designed requirements into design components for the products construction phase on the next step of implementations. However, the current design phase built a design model of the product or system design structure; for instance, such designed model is used to evaluate the suitability of the proposed product and communicate the recommended product to others [35][36][37]. There are many proposed models for conventional design processes in academia and the industry; the most commonly used models are presented below: a) Generic design process: Recently, [38] defined six steps for a generic design process that are more general and can apply to any software project.…”

Section: The Results Of the Design Process Survey And Indicatorsmentioning

confidence: 99%

A sustainable procedural method of software design process improvements

Al-Sarayreh

Meridji

Alenezi

et al. 2021

IJEECS

Self Cite

View full text Add to dashboard Cite

In practice, the software process is an intermediate phase for enhancement and improvements the design for different types of software products and help developers to converts the specified requirements into prototypes that implement the design into reality. The objective of this paper is to provide software developers, designers and software engineers who work in small companies with a standards-based process improvement using a procedural method technique including detailed steps for designing the small software systems into their companies. The method used in this paper includes 1) analysis four different types of commonly design processes used by industry such as CMMI, conventional or software process in ISO 19759, generic and engineering design processes. 2) mapping between those four design processes. 3) collect the dispersed design concepts proposed by those four processes. 4) proposed a sustainable procedural method of software design process improvements 5) Illustration of the applicability of the proposed approach using A template-based implementation. The primary result of this study is a guideline procedure with detailed steps for software design process improvements to help and guide developers in small companies to analyze and design a small software scales with limited cost and duration. In conclusion, this paper proposed a method to improve the design process for different kinds of the software systems using a template-based implementation to reduce the cost, effort and time needed in the implementation phase in small companies. The scientific implication behind a template-based implementation helps the system and software engineering to use this template easily in their small companies; because most of the time those engineering developers are responsible for analyzing, designing, implementing and testing their software systems during the whole software life cycle.

show abstract

Section: The Results Of the Design Process Survey And Indicatorsmentioning

confidence: 99%

A sustainable procedural method of software design process improvements

Al-Sarayreh

Meridji

Alenezi

et al. 2021

IJEECS

Self Cite

View full text Add to dashboard Cite

show abstract

“…Recently, there are many published research studies on system and software security issues at the level of functional and NFRs, for instance, in Ref. [1,2] authors proposed a reference model for system NFRs allocated to software security requirements at diferent levels of details (software, system and product levels). Followed by a reference model of security requirements for early identification and measurement of security awareness program [6] where a trade-off model is proposed for software requirements to balance between security and usability issues [7].…”

Section: Functional and Non-functional Security Requirementsmentioning

confidence: 99%

“…Software 'functionalities fall under the concept of functional user requirements (FURs) and refer to the set of functions or services required from the software system, whereas constraints fall under the concept of non-functional requirements (NFRs). It should be noted that a number of such constraints, while referred to as software-NFRs by some authors, are referred to as quality aspects by others' [1].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A reference measurement framework of software security product quality (SPQ ^NFSR )

Al-Sarayreh

Alenezi

Zarour

et al. 2020

IET Information Security

Self Cite

View full text Add to dashboard Cite

Currently, the customer's demands have expressively amplified their expectations of getting software at a high‐quality level. However, the non‐functional requirements of the software products attention have been expanded in both the academic and the industrial fields; so, there is no framework for specifying and measuring such kinds of quality constraints for the security requirements of software product quality. This paper presents an integrated framework of the early specification and measurement of the functional and non‐functional software security requirements. Such a measurement framework would help software and systems engineers to improve product qualities whether the software has already been delivered or has yet to be built. The main steps that have been followed include: identify, specify and measure the software security requirements based on ISO/IEC SQuaRE series of international standards for software product quality. A standard measurement framework used to measure the functional size of the software product quality to develop a functional size measurement of the functional and non‐functional security requirements is described. As a result, a functional size measurement framework of the functional and non‐functional security requirements (SPQNFSR) using international standards is proposed. An automatic teller machine case study for the measurement of security requirements based on perspectives of a software functional user requirements is presented. Finally, it is concluded that it is essential to develop such a functional size measurement framework for functional and non‐functional security requirements to support developers to face the challenges derived from early dealing with such requirements.

show abstract

“…Recently, Meridji et al, [28] used COSMIC to measure security requirements at the function and service level to assist developers in specifying system security requirements in early development stages. To capture the security concept, this study used soft-goal inter-dependency graphs and three main security types: system availability, confidentiality and integrity.…”

Section: Related Work a Measuring Non-functional Requirements Overviewmentioning

confidence: 99%

Evaluating Software Security Change Requests: A COSMIC-Based Quantification Approach

Haoues

Sellami

Ben-Abdallah

et al. 2019

2019 45th Euromicro Conference on Software Engineering and Advanced Applications (SEAA)

View full text Add to dashboard Cite

Software project scope defines functional and nonfunctional requirements. These requirements may change to satisfy the customers' needs. However, the control of scope creep represents one of the success keys in software project management. Changes in non-functional requirements affect the ISO/IEC 25010 quality characteristics such as security, portability, etc. Furthermore, some of these quality characteristics may evolve throughout the software life cycle into functional requirements. In this paper, we explore the use of COSMIC method -ISO/IEC 19761 to quantify and evaluate security change requests. Measuring the functional size of security change requests allows stakeholders to make appropriate decisions about whether to accept, defer, or deny the change.

show abstract

System security requirements: A framework for early identification, specification and measurement of related software requirements

Cited by 15 publications

References 16 publications

A sustainable procedural method of software design process improvements

A sustainable procedural method of software design process improvements

A reference measurement framework of software security product quality (SPQ ^NFSR )

Evaluating Software Security Change Requests: A COSMIC-Based Quantification Approach

Contact Info

Product

Resources

About

System security requirements: A framework for early identification, specification and measurement of related software requirements

Cited by 15 publications

References 16 publications

A sustainable procedural method of software design process improvements

A sustainable procedural method of software design process improvements

A reference measurement framework of software security product quality (SPQ NFSR )

Evaluating Software Security Change Requests: A COSMIC-Based Quantification Approach

Contact Info

Product

Resources

About

A reference measurement framework of software security product quality (SPQ ^NFSR )