Measuring security in requirements engineering

Abstract

The aim of this paper is to measure the security and related verification method in requirements engineering (RE). There are a few existing approaches to measure RE performance like IEEE Software Requirements Specification (SRS) and Security Quality Requirements Engineering (SQUARE). However, these existing approaches have some limitations such as lack of flexibility and require long implementation period. In order to address these issues, this paper intends to propose a new set of tools. First is the Effective Security Check List (ESCL), which is a check list with security questions that should be considered for measuring security. Secondly, the Traceability Matrix(TM), which is a two dimensional matrix to measure security during RE. Thirdly, Requirement Engineering Assessment Document (READ), which is a tool containing all statistical information about security performance during RE. The combination of presented approaches had been implemented in a case study. The outcome results are encouraging and illustrated integrated outcomes within existing RE model. The security level had also been properly measured.