Title: Security engineering methods - in-depth analysis

Authors: Shruti Jaiswal; Daya Gupta

Addresses: Department of Computer Science and Engineering, Delhi Technological University (formerly Delhi College of Engineering), Shahbad Daulatpur, Bawana Road, Delhi-110042, India (both authors)

Abstract: Providing security to complex information system development is challenging because of complex networks and ubiquitous systems. Traditional mechanisms address security concerns during the development or design phases, which may lead to various loopholes or an over-constrained system. The field of security engineering has emerged, whereby security requirements are gathered along with other requirements during the initial phase of software development. However, dealing with security concerns during the initial phases of development is challenging because of design and code unavailability. The paper first presents the proposals for security requirements engineering based on different approaches such as the use case approach, goal-oriented approach, and process-oriented approach. These methodologies are evaluated along various parameters such as security engineering activities covered, application domain and others. The in-depth analysis ends with a recent proposal for security engineering and a list of unresolved issues that need consideration. The outcome of the paper can be exploited to drive further research.

Keywords: security requirements; security engineering; security requirements engineering; security design engineering; security testing.

DOI: 10.1504/IJICS.2017.085135

International Journal of Information and Computer Security, 2017 Vol.9 No.3, pp.180 - 211

Received: 04 Jul 2015
Accepted: 19 Apr 2016

Published online: 13 Jul 2017
