
Supporting Requirements Engineers in Recognising Security Issues

Research output: Chapter in book/report/conference proceeding › Conference contribution › Research › peer review

Authors

  • Eric Knauss
  • Siv Houmb
  • Kurt Schneider
  • Shareeful Islam

External Research Organisations

  • SecureNOK Ltd.
  • University of East London
  • TU Dortmund University

Details

Original language: English
Title of host publication: Requirements Engineering
Subtitle of host publication: Foundation for Software Quality
Pages: 4-18
Number of pages: 15
Publication status: Published - 2011
Event: 17th International Working Conference on Requirements Engineering: Foundation for Software Quality, REFSQ 2011 - Essen, Germany
Duration: 28 Mar 2011 - 30 Mar 2011

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 6606 LNCS
ISSN (Print): 0302-9743
ISSN (electronic): 1611-3349

Abstract

Context & motivation: More and more software projects today are security-related in one way or another. Many environments are initially not considered security-related, and no security experts are assigned. Requirements engineers often fail to recognise indicators of security problems. Question/problem: Ignoring security issues early in a project is a major source of recurring security problems in practice. Identifying security-relevant requirements is labour-intensive and error-prone. Security may be neglected in order to finish on time and within budget. Principal ideas/results: In this paper, we address this problem by presenting a tool-supported method that provides assistance for requirements engineering, with an emphasis on security requirements. We investigate whether security-relevant requirements can be automatically identified using a Bayesian classifier. Our results indicate that this is feasible, in particular if the classifier is trained with domain-specific data and documents from previous projects. Contribution: We show how the ability to identify security-relevant requirements can be integrated into a workflow of requirements analysis and reuse of experience. In practice, this can increase security awareness within the software development process. We discuss the limitations and potential of this approach.

Keywords

empirical study, natural language processing, requirements analysis, secure software engineering

Cite this

Supporting Requirements Engineers in Recognising Security Issues. / Knauss, Eric; Houmb, Siv; Schneider, Kurt et al.
Requirements Engineering: Foundation for Software Quality. 2011. p. 4-18 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6606 LNCS).


Knauss, E, Houmb, S, Schneider, K, Islam, S & Jürjens, J 2011, Supporting Requirements Engineers in Recognising Security Issues. in Requirements Engineering: Foundation for Software Quality. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6606 LNCS, pp. 4-18, 17th International Working Conference on Requirements Engineering: Foundation for Software Quality, REFSQ 2011, Essen, Germany, 28 Mar 2011. https://doi.org/10.1007/978-3-642-19858-8_2
Knauss, E., Houmb, S., Schneider, K., Islam, S., & Jürjens, J. (2011). Supporting Requirements Engineers in Recognising Security Issues. In Requirements Engineering: Foundation for Software Quality (pp. 4-18). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6606 LNCS). https://doi.org/10.1007/978-3-642-19858-8_2
Knauss E, Houmb S, Schneider K, Islam S, Jürjens J. Supporting Requirements Engineers in Recognising Security Issues. In Requirements Engineering: Foundation for Software Quality. 2011. p. 4-18. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-19858-8_2
Knauss, Eric ; Houmb, Siv ; Schneider, Kurt et al. / Supporting Requirements Engineers in Recognising Security Issues. Requirements Engineering: Foundation for Software Quality. 2011. pp. 4-18 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
BibTeX
@inproceedings{537bcb0f1607429d9d29a3fb77b22ef6,
title = "Supporting Requirements Engineers in Recognising Security Issues",
abstract = "Context & motivation: More and more software projects today are security-related in one way or another. Many environments are initially not considered security-related, and no security experts are assigned. Requirements engineers often fail to recognise indicators of security problems. Question/problem: Ignoring security issues early in a project is a major source of recurring security problems in practice. Identifying security-relevant requirements is labour-intensive and error-prone. Security may be neglected in order to finish on time and within budget. Principal ideas/results: In this paper, we address this problem by presenting a tool-supported method that provides assistance for requirements engineering, with an emphasis on security requirements. We investigate whether security-relevant requirements can be automatically identified using a Bayesian classifier. Our results indicate that this is feasible, in particular if the classifier is trained with domain-specific data and documents from previous projects. Contribution: We show how the ability to identify security-relevant requirements can be integrated into a workflow of requirements analysis and reuse of experience. In practice, this can increase security awareness within the software development process. We discuss the limitations and potential of this approach.",
keywords = "empirical study, natural language processing, requirements analysis, secure software engineering",
author = "Eric Knauss and Siv Houmb and Kurt Schneider and Shareeful Islam and Jan J{\"u}rjens",
year = "2011",
doi = "10.1007/978-3-642-19858-8_2",
language = "English",
isbn = "9783642198571",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "4--18",
booktitle = "Requirements Engineering",
note = "17th International Working Conference on Requirements Engineering: Foundation for Software Quality, REFSQ 2011 ; Conference date: 28-03-2011 Through 30-03-2011",
}

RIS

TY  - GEN
T1  - Supporting Requirements Engineers in Recognising Security Issues
AU  - Knauss, Eric
AU  - Houmb, Siv
AU  - Schneider, Kurt
AU  - Islam, Shareeful
AU  - Jürjens, Jan
PY  - 2011
Y1  - 2011
N2  - Context & motivation: More and more software projects today are security-related in one way or another. Many environments are initially not considered security-related, and no security experts are assigned. Requirements engineers often fail to recognise indicators of security problems. Question/problem: Ignoring security issues early in a project is a major source of recurring security problems in practice. Identifying security-relevant requirements is labour-intensive and error-prone. Security may be neglected in order to finish on time and within budget. Principal ideas/results: In this paper, we address this problem by presenting a tool-supported method that provides assistance for requirements engineering, with an emphasis on security requirements. We investigate whether security-relevant requirements can be automatically identified using a Bayesian classifier. Our results indicate that this is feasible, in particular if the classifier is trained with domain-specific data and documents from previous projects. Contribution: We show how the ability to identify security-relevant requirements can be integrated into a workflow of requirements analysis and reuse of experience. In practice, this can increase security awareness within the software development process. We discuss the limitations and potential of this approach.
AB  - Context & motivation: More and more software projects today are security-related in one way or another. Many environments are initially not considered security-related, and no security experts are assigned. Requirements engineers often fail to recognise indicators of security problems. Question/problem: Ignoring security issues early in a project is a major source of recurring security problems in practice. Identifying security-relevant requirements is labour-intensive and error-prone. Security may be neglected in order to finish on time and within budget. Principal ideas/results: In this paper, we address this problem by presenting a tool-supported method that provides assistance for requirements engineering, with an emphasis on security requirements. We investigate whether security-relevant requirements can be automatically identified using a Bayesian classifier. Our results indicate that this is feasible, in particular if the classifier is trained with domain-specific data and documents from previous projects. Contribution: We show how the ability to identify security-relevant requirements can be integrated into a workflow of requirements analysis and reuse of experience. In practice, this can increase security awareness within the software development process. We discuss the limitations and potential of this approach.
KW  - empirical study
KW  - natural language processing
KW  - requirements analysis
KW  - secure software engineering
UR  - http://www.scopus.com/inward/record.url?scp=79953098501&partnerID=8YFLogxK
U2  - 10.1007/978-3-642-19858-8_2
DO  - 10.1007/978-3-642-19858-8_2
M3  - Conference contribution
AN  - SCOPUS:79953098501
SN  - 9783642198571
T3  - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP  - 4
EP  - 18
BT  - Requirements Engineering
T2  - 17th International Working Conference on Requirements Engineering: Foundation for Software Quality, REFSQ 2011
Y2  - 28 March 2011 through 30 March 2011
ER  -
