Survey and analysis on Security Requirements Engineering

Security Requirements Engineering is a new research area in software engineering, with the realization that security must be analyzed early during the requirements phase. Many researchers are working in this area; however, there is a lack in security requirements treatment. The security requirements are one of the non-functional requirements, which act as constraints on functions of the system. Organizations are depending on information systems for communicating and sharing information. Thus, IT security is becoming central in fulfilling business goals, to guard assets and to create trustworthy systems. To develop systems with adequate security features, it is essential to capture the security requirements. In this paper, we present a view on Security Requirements, issues, types, Security Requirements Engineering (SRE) and methods. We analyzed and compared different methods and found that SQUARE and Security Requirements Engineering Process methods cover most of the important activities of SRE. The developers can adopt these SRE methods and easily identify the security requirements for software systems.

Graphical abstractFigure optionsDownload full-size imageDownload as PowerPoint slideHighlights► Survey and analysis of important Security Requirements Engineering (SRE) methods. ► Security requirements (SR) are to elicited and identified in the early phase of SDLC. ► Threat analysis and modeling should be one of the important activities in SRE. ► As business requirements, SR should also be considered as functional requirements. ► SQUARE or SRE Process can be adopted to elicit and identify security requirements.