A Template-Based Approach To Write Complete Security Requirements For Software Development Environment

Writing quality security requirements contributes to the success of secure software development. It has been a common practice to include security requirements in a software system after the system is defined. Thus, incorporating security requirements at a later stage of software development will in...

Bibliographic Details
Main Author: Mustafa, Nuridawati
Format: Thesis
Language: English
Published: 2020
Subjects:
Online Access: http://eprints.utem.edu.my/id/eprint/25407/1/A%20Template-Based%20Approach%20To%20Write%20Complete%20Security%20Requirements%20For%20Software%20Development%20Environment.pdf
http://eprints.utem.edu.my/id/eprint/25407/2/A%20Template-Based%20Approach%20To%20Write%20Complete%20Security%20Requirements%20For%20Software%20Development%20Environment.pdf
id my-utem-ep.25407
record_format uketd_dc
institution Universiti Teknikal Malaysia Melaka
collection UTeM Repository
advisor Kamalrudin, Massila

topic Q Science (General)
QA Mathematics
description Writing quality security requirements contributes to the success of secure software development. It has been a common practice to include security requirements in a software system after the system is defined. Thus, incorporating security requirements at a later stage of software development will increase the risks of security vulnerabilities in software development. However, the process of writing security requirements is tedious and complex. There are a few gaps found in the existing works, categorized into method-related and people-related issues. The method-related issues include the lack of checking on security requirements completeness, security requirements templates, security standards used as reference and automated tool for validation. Meanwhile, the people-related issues consist of inexperienced requirements engineers, minimal involvement of the technical team in defining security requirements and language barriers. Motivated by these gaps, the main objective of this study is to propose a template-based approach to write complete security requirements. This study proposes a new template-based approach to assist the requirements engineers and client-stakeholders in writing complete security requirements. For this, we integrate the template-based approach with security requirements density using probability ratio, syntax-based density using lexical density and security requirements completeness prioritization using numerical assignment. We also developed two new pattern libraries, SecLib and SRCLib, to validate the syntax and the completeness of security requirements. Additionally, an automated tool support called SecureMEReq was also developed to realize the approach. Finally, a comprehensive evaluation of the approach, comprising the comparison study between manual and automated tool as well as usability test, was conducted.
In summary, the findings of the evaluations show that our approach can contribute to the body of knowledge of requirements engineering, especially in enhancing the completeness of writing security requirements. It is found that the approach is able to enhance the completeness level of security requirements compared to the manual approach and produce a complete generation of security requirements. The results of the usability tests show that the approach is useful and helpful in eliciting complete security requirements of software development and able to ease the security requirements elicitation process.
qualification_name Doctor of Philosophy (PhD.)
qualification_level Doctorate
granting_institution Universiti Teknikal Malaysia Melaka
granting_department Faculty of Information and Communication Technology
In The 7th International Workshop on Requirements Engineering, Foundation for Software Quality, pp. 125–136. 144. Sindre, G., and Opdahl, A. L., 2001b. Capturing Security Requirements Through Misuse Cases. In Norsk Informatikkonferanse, NIK 2001, http://www. nik. no/2001. 145. Sindre, G. and Opdahl, A. L., 2005. Eliciting Security Requirements With Misuse Cases. Requirements Engineering, 10 (1), pp. 34–44. 146. Slankas, J., Riaz, M., King, J., and Williams, L., 2014. Discovering Security Requirements from Natural Language Project Artifacts. In: 36th International Conference on Software Engineering, pp. 1–12. 147. Sommerville, I., 2011. Software Engineering, 9th Edition, 6th ed., Addison-Wesley Publishers Limited. 148. Sommerville, I., 2004. Software Engineering, International computer science series. Pearson/Addison-Wesley. 149. Suma, V., and Shubhamangala, B. R., 2013. A Comprehensive Analysis of Factors Influencing Quality of Requirements. Lecture Notes on Software Engineering, 1(2), pp. 199–203. 150. Sven, T., 2017. The Trouble With Security Requirements. In: IEEE 25th International Requirements Engineering Conference (RE2017), pp. 122–133. 151. SWEBOK, 2019. Chapter 1: Software Requirements - SWEBOK [online]. Available at: http://swebokwiki.org/Chapter_1:_Software_Requirements [Accessed 27 Mar 2019]. Talha, M., 2018. Critical Requirements Engineering Errors Leads to Fails Software Project. The Educational Review, USA, 2 (2), pp. 174–180. 152. UCLA: Statistical Consulting, G., 2016. What does Cronbach’s alpha mean [online]. Available at: https://www.coursehero.com/file/45081779/WHAT-DOES-CRONBACHdocx/ [Accessed 20 Mar 2019]. 153. van Lamsweerde, A., 2004. Elaborating Security Requirements By Construction Of Intentional Anti-Models. In: 26th International Conference on Software Engineering. IEEE Comput. Soc, pp. 148–157. 154. van Lamsweerde, A., 2001. Goal-Oriented Requirements Engineering: A Guided Tour. 
In: Fifth IEEE International Symposium on Requirements Engineering. IEEE Comput. Soc, pp. 249–262. 155. Viega, J., 2005. Building Security Requirements With CLASP. In Workshop on Software Engineering for Secure Systems—Building Trustworthy Applications, pp. 1–7. 156. Wen, B., Luo, Z., and Liang, P., 2012. Distributed and Collaborative Requirements Elicitation Based on Social Intelligence. In 2012 Ninth Web Information Systems and Applications Conference, pp. 127–130. 157. White, J., and Simon, M.K., 2019. Survey/Interview Validation Rubric for Expert Panel – VREP [online]. Available at: http://dissertationrecipes.com/wp- 158. content/uploads/2011/04/Expert-Validation-v3.pdf [Accessed 20 Mar 2019]. 159. Wixon, D., and Ramey, J., 1996. Field Methods Casebook for Software Design, 1st ed., Wiley Publishing. 160. Yahya, S., Kamalrudin, M., Sidek, S., and Grundy, J., 2014. Capturing Security Requirements Using Essential Use Cases (EUCs). In The First Asia Pacific Requirements Engineering Symposium, pp. 16–30. 161. Yin, L., Liu, J., and Li, X., 2009. Validating requirements model of a B2B system. In Proceedings of the 2009 8th IEEE/ACIS International Conference on Computer and Information Science, pp. 1020–1025. 162. Yu, E. S. K., 1997. Towards Modelling And Reasoning Support For Early-Phase Requirements Engineering. In IEEE 3rd International Symposium on Requirements Engineering, pp. 226–235. 163. Yusop, N., Kamalrudin, M., and Sidek, S., 2015. Security Requirements Validation For Mobile Apps: A Systematic Literature Review. Jurnal Teknologi, 77 (33), pp. 123–137. 164. Yusop, N., Kamalrudin, M., Sidek, S., and Grundy, J., 2016. Automated Support to Capture and Validate Security Requirements for Mobile Apps. In: Communications in Computer and Information Science, pp. 97–112. 165. Zhivich, M., and Cunningham, R.K., 2009. The Real Cost of Software Errors. IEEE Security and Privacy, 2 (2), pp. 87–90. 166. Zowghi, D., and Coulin, C., 2005. 
Requirements Elicitation: A Survey of Techniques. In Engineering and Managing Software Requirements. Berlin, Heidelberg: Springer, Berlin, Heidelberg, pp. 19–46. 167. Zowghi, D., and Gervasi, V., 2002. The Three Cs of Requirements: Consistency, Completeness, and Correctness. In: International Workshop on Requirements Engineering: Foundations for Software Quality, Essen, Germany: Essener Informatik Beitiage, pp. 155–164. 168. Zowghi, D., and Gervasi, V., 2003. On The Interplay Between Consistency, Completeness, And Correctness In Requirements Evolution. Information and Software Technology, 45 (14), pp. 993–1009.