STRUCTURE OF SECURITY REQUIREMENTS: INSIGHTS FROM REQUIREMENTS ELICITATION
Mälardalen University, School of Innovation, Design and Engineering.
2022 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

As IT systems become more complex, they become more susceptible to security threats and vulnerabilities. Accordingly, security has become a growing concern that must be considered before the system has been designed and put into operation, in particular at the requirements phase of the Software Development Life Cycle. However, obtaining security requirements is non-trivial in view of requirements engineers’ insufficient knowledge of security terminology. Many methods exist that help to elicit security requirements by using various security concepts. Among the possible methods, this thesis compares the Abuse Frame, Misuse Case and Common Criteria methods to identify the common security concepts they use to elicit security requirements and how they link security concepts to the security requirements. The research findings show that the most common security concepts used by the above-mentioned methods are threat, asset, and countermeasure. These concepts are directly related to security requirements in that security requirements protect assets from harm caused by threats by describing the countermeasures that mitigate the threats and achieve the security objectives. It is also found that two out of three methods used the countermeasure concept as a synonym for a security requirement rather than a security architecture mechanism. A countermeasure is viewed as an abstract statement that describes how to mitigate a threat or eliminate a vulnerability without specifying any technical details or architecture mechanisms.

Place, publisher, year, edition, pages
2022. p. 27
Keywords [en]
security, requirements, engineering, comparison
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-60013
OAI: oai:DiVA.org:mdh-60013
DiVA, id: diva2:1698633
Subject / course
Computer Science
Available from: 2022-11-04. Created: 2022-09-25. Last updated: 2022-11-04. Bibliographically approved.

Open Access in DiVA

fulltext (1008 kB), 84 downloads
File information
File name: FULLTEXT01.pdf
File size: 1008 kB
Checksum SHA-512:
7913d4c9c8bddd60ec3b8a1d5b2f3d50a09065812f4de2d0496b20f3cec2a1b5c36aa2b8d74cc3cbc112a92b5538b04c665677b8ce952da23505378cd7305cae
Type: fulltext
Mimetype: application/pdf
