Abstract image of a woman sitting on books and studying on a laptop

SSE_T3_LEC3_2024.pptx asdasdasdasdasdada

Download as PPTX, PDF
R
RahulRajendrakumar1

The document discusses software requirements elicitation, focusing on software security requirements and the Security Quality Requirements Engineering (SQUARE) method developed by Carnegie Mellon University. It outlines the process of identifying and prioritizing security requirements through nine discrete steps, emphasizing the importance of stakeholder involvement and the use of various elicitation techniques. Additionally, it highlights the distinctions between functional and non-functional requirements and provides examples of each.

Engineering
1 of 55
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
Outlin e 1 • Software requirements elicitation • Quality criteria for requirements • Software security requirements • Security requirements examples
Software Development Phases 2
Software Requirement Engineering 3 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law
Software Requirements Elicitation 4 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law
Software Requirements Elicitation 5 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law
Software Stakeholder 6 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law
Software Customer 7 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law [A customer is an] individual or organization that derives either direct or indirect benefit from a product. Software customers might request, pay for, select, specify, use, or receive the output generated by a software product.”
Requirements Elicitation Techniques 8 Source: Top 5 Requirements Elicitation Techniques for Business Analysts, Techcanvass
Interviews 9 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law
Workshops 10 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law
Observations 11 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Brainstorming/focus group 12 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Document Analysis 13 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide most commonly used/easiest method to collect software requirements
Quality criteria for requirements 14 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Quality criteria for requirements 15 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Quality criteria for requirements 16 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Quality criteria for requirements 17 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Quality criteria for requirements 18 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Quality criteria for requirements 19 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Quality criteria for requirements 20 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Quality criteria for requirements 21 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Quality criteria for requirements 22 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Quality criteria for requirements 23 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Quality criteria for requirements 24 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Quality criteria for requirements 25 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Quality criteria for requirements 26 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
Security Quality Requirements Engineering These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 27 • Security Quality Requirements Engineering (SQUARE) • Developed by the Networked Systems Survivability program at the SEI, Carnegie Mellon University. – A method to elicit, categorise, and prioritise security requirements for software systems and applications. – This method focuses on developing security concepts at the early stages of a software system’s development life cycle. – The method is also used for documenting and analysing the security aspects of existing systems for modifications and evolution. – This method can also be used with existing requirements engineering process
SQUARE – Some Details These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 28 • Who is involved? – Stakeholders of the project – Requirement engineers with security expertise • In SQUARE, security requirements are: – Treated at the same time as the system’s functional requirements, AND – Specified in the early stages of the SDLC (software development lifecycle) – Specified in similar ways as software requirements engineering and practices – Determined through a process of nine discrete steps
SQUARE Steps These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 29 • 1. Agree on definitions. • 2. Identify assets and security goals. • 3. Develop artifacts to support security requirements definition. • 4. Assess risks. • 5. Select elicitation technique(s). • 6. Elicit security requirements. • 7. Categorize requirements. • 8. Prioritize requirements. • 9. Inspect requirements.
SQUARE Steps These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 30 1. the first task for the organization is to agree on a common set of security definitions, followed by the definition of organizational security goals. 2. These security goals may be derived from business application goals, potential threats to project assets, and management controls and policy. 3. The requirements engineer can then develop artifacts (network maps and diagrams, attack trees, and use/misuse cases) that will aid in the elicitation of security requirements. 4. Next, a formal risk assessment allows the organization to understand how the likelihood and impact of various threats can affect the project’s security goals and assets. 5. At this point in the SQUARE process, the requirements engineer must select one or more requirements-elicitation techniques appropriate for the organization’s culture, expertise, level of security required, and nature of the system being developed. 6. The selected techniques are subsequently used to elicit an initial set of security requirements in the form of operational constraints on the system. An example of such a requirement is “The system shall only reveal employee salary information to members of the Human Resources Department.” 7. These requirements are then categorized, prioritized, and formally inspected for correctness in the remaining steps of SQUARE. 8. The final output of the process is a security requirements document that satisfies the security goals of the project, contains clear and verifiable requirements, and is agreed on by all relevant stakeholders.
Different Aspects of SQUARE Steps These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 31 Step Name Input Techniques Participants/Outputs Agree on definitions Candidate definitions from IEEE and other standards Structured interviews, focus group Stakeholders, requirements engineer/Agreed-to- definitions Identify assets and security goals Definitions, candidate goals, business drivers, policies and procedures Facilitated work session, surveys, interviews Stakeholders, requirements engineer/ Assets and goals Develop artifacts to support security requirements definition Potential artifacts (e.g., scenarios, misuse cases, templates, forms) Work session Requirements engineer/ Scenarios, misuse cases, models, templates, forms Perform risk assessment Misuse cases, scenarios, security goals Risk assessment method, analysis of anticipated risk against organizational risk tolerance, threat analysis Requirements engineer & expert stakeholders/ risk assessments results Select elicitation techniques Goals, definitions, candidate techniques, expertise of stakeholders, organizational style, culture, level of security needed, cost/benefit Work session Requirements engineers/ Selected elicitation techniques
Different Aspects of SQUARE Steps These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 32 Step Name Input Techniques Participants/Outputs Elicit security requirements Artifacts, risk assessment results, selected techniques Application Development (JAD), interviews, surveys, model-based analysis, checklists, lists of reusable requirements types, document reviews Stakeholders facilitated by requirements engineer/Initial cut at security requirements Categorize requirements as to level (system, software, etc.) and whether they are requirements or other kinds of constraints Initial requirements, architecture Work session using a standard set of categories Requirements engineer, other specialists as needed/Categorized requirements Prioritize requirements Categorized requirements and risk assessment results Prioritization methods such as Analytical Hierarchy Process (AHP), Triage, Win- Win Stakeholders facilitated by requirements engineer/ Prioritized requirements Inspect requirements Prioritized requirements, candidate formal inspection technique Inspection method such as Fagan, peer reviews Inspection team/Initial selected requirements, documentation of decision- making process and rationale
SQUARE – Step 1: Agree on Definitions • Goal: to guarantee effective and clear communication throughout the requirements engineering process • Content: agree on a common set of terminology and definitions. • Why?: o differences in expertise, knowledge, and experience o ambiguity in terms • Reuse public resources of security terms: o Software Engineering Body of Knowledge (SWEBOK) o IEEE 610.12 Standard Glossary of Software Engineering Terminology e.g., ambiguity of term access controls: • One stakeholder: it is a set of policies that governs which users may be granted access to which resources • Another stakeholder: it is the software elements in the system that actually implements this functionality. These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 33
SQUARE - Step 2: Identify Security Goals • Goal: formally agree on a set of prioritized security goals • Content: Identify and prioritize the overall security goals • Why?: o different stakeholders will likely have different security goals, e.g., confidentiality of personnel records or authorization in financial data o security goals of the stakeholders may also conflict with one another, e.g., security guys: strong security vs marketing: high performance These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 34
SQUARE - Step 3: Develop Artifacts • Goal: generate a complete set of artifacts of the system • Content: identify and collect as many artifacts as possible • Why?: o prepare for generating security requirements o prepare for risk assessment • Types of artifacts: o system architecture diagrams; o use case scenarios/diagrams; o misuse case scenarios/diagrams; o attack trees; o standardized templates and forms; These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 35
SQUARE - Step 3: Develop Artifacts These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. Example system architecture diagram 36
SQUARE - Step 3: Develop Artifacts These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. Example Attack Tree  An attacker’s goal is listed as the root node;  Tree leaves represent different ways to achieve that goal 37
SQUARE - Step 3: Develop Artifacts These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. Sample Use Case Diagram 38
Example of misuse Source: Sindre, G. and Opdahl, A. L., 2005 SQUARE - Step 3: Develop Artifacts 39
SQUARE - Step 4: Perform Risk Assessment • Goal: identify the potential vulnerabilities and threats that face the system • Content: identify and classify the likelihood of vulnerabilities/threats • Why?: o implement logical security requirements or countermeasures, e.g., honeypot o to prioritize the security requirements These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. Example risk assessment 40
SQUARE - Step 5: Select Elicitation Technique • Goal: select an elicitation technique that is suitable for the client organization and project • Content: choosing a technique that can adapt to: o the number and expertise of stakeholders, o size and scope of the client project, and o expertise of the requirements engineering team. • A sample of elicitation techniques: o Structured/unstructured interviews o Use/misuse cases o Facilitated meeting sessions, such as Joint Application Development and the Accelerated Requirements Method o Soft Systems Methodology o Issue-Based Information Systems o Quality Function Deployment o Feature-Oriented Domain Analysis o Controlled Requirements Expression o Critical Discourse Analysis These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 41
SQUARE - Step 6: Elicit Security Requirements • Goal: elicit correct requirements • Content: execute the selected elicitation technique and elicit easy-to-verify requirements • Mistakes in this step o elicit non-verifiable or vague, ambiguous requirements o elicit implementations or architectural constraints instead of requirements These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation.  heart of the SQUARE process  Verifiable? “The system shall improve the availability of the existing customer service center.”  Constraints? “The system shall use SSH to complete the communication system.” 42
SQUARE - Step 7: Categorize Requirements • Goal: prepare for prioritizing requirements • Content: allow the requirements engineer and stakeholders to classify the requirements as essential, non-essential, system level, software level, or as architectural constraints These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. • should avoid producing architectural constraints • need to identify constraints and remove them 43
SQUARE - Step 8: Prioritize Requirements • Goal: choose which requirements to implement and in what order • Content: prioritize the security requirements using the risk assessment and categorization results as a basis for decision making • Why?: o the client organization will be unable to implement all of the security requirements due to lack of time, resources, or developing changes in the goals of the project. These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 44
SQUARE - Step 9: Requirements Inspection • Goal: find any defects in the requirements such as ambiguities, inconsistencies, or mistaken assumptions • Content: create a set of accurate and verifiable security requirements These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. Example Inspection Checklist 45
What are the three core security properties we have mentioned?
Core Security Properties – Also Requirements These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 47 • Confidentiality – The system must not disclose any information intended to be hidden E.g. your credit card information on a website • Integrity – A system must not allow assets to be subverted by unauthorized users, e.g., changing someone’s date of birth – We must be able to trust what is in a system • The data being stored • The functionality being executed • Availability – A system must be able to be available and operational to users, e.g., bringing down Amazon.com – These are extremely hard to protect against • Any system performance degradation that can be triggered by a user can be used for denial of service attacks • Concurrency issues, infinite loop, or resource exhaustion
Types of Security Requirements 48 University of Adelaide Source: SSDLC Stage One: Security Requirements, Farza, Iosentrix
Types of Security Requirements 49 Functional Requirements Non-Functional Requirements A functional requirement defines a system or its component. A non-functional requirement defines the quality attribute of a software system. It specifies “What should the software system do?” It places constraints on “How should the software system fulfill the functional requirements?” Functional requirement is specified by User. Non-functional requirement is specified by technical peoples e.g. Architect, Technical leaders and software developers. It is mandatory. It is not mandatory. It is captured in use case. It is captured as a quality attribute. Defined at a component level. Applied to a system as a whole. Helps you verify the functionality of the software. Helps you to verify the performance of the software. Functional Testing like System, Integration, End to End, API testing, etc are done. Non-Functional Testing like Performance, Stress, Usability, Security testing, etc are done. Usually easy to define. Usually more difficult to define. Example 1) Authentication of user whenever he/she logs into the system. 2) System shutdown in case of a cyber attack. 3) A Verification email is sent to user whenever he/she registers for the first time on some software system. Example 1) Emails should be sent with a latency of no greater than 12 hours from such an activity. 2) The processing of each request should be done within 10 seconds 3) The site should load in 3 seconds when the number of simultaneous users are > 10,000 Source: Geeksforgeeks
Sample Security Requirements 50 University of Adelaide Source: The importance of security requirements elicitation and how to do it, Silva et al., 2015
Sample Security Requirements 51 University of Adelaide Source: Requirements. James Walden Northern Kentucky University
Sample Security Requirements 52 University of Adelaide Source: Requirements. James Walden Northern Kentucky University
What security requirement do you think the system needs? 53 University of Adelaide
Summary • There are different ways to elicit software requirements • Security requirements is one of the most important part of requirements engineering • Requirements must be passed through quality criteria before finalizing them • Security requirements are collected against each security goal • Various examples of security requirements University of Adelaide 54 Source: Requirements. James Walden Northern Kentucky University
References 1. “Security Quality Requirements Engineering (SQUARE)”. Carnegie Mellon University. 2017

More Related Content

PPTX
SECURITY REQUIREMENTS ENGINEERING: APPLYING SQUARE FRAMEWORK
Ramez Al-Fayez
 
PDF
Requirements Engineering for Secure Software
Dr Sarika Jadhav
 
PDF
PROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORK
IJCSEA Journal
 
PPTX
Software Requirements
Nethan Shaik
 
PDF
Requirements engineering
Mohamed Zeinelabdeen Abdelgader Farh jber
 
PDF
9-Requirements Engineering process, Requirement Elicitation-21-01-2025.pdf
UjjwalAgrawal34
 
PPT
Requirement Engineering
Slideshare
 
PDF
SE-Unit II.pdf
AMITKUMARSINGH756828
 
SECURITY REQUIREMENTS ENGINEERING: APPLYING SQUARE FRAMEWORK
Ramez Al-Fayez
 
Requirements Engineering for Secure Software
Dr Sarika Jadhav
 
PROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORK
IJCSEA Journal
 
Software Requirements
Nethan Shaik
 
Requirements engineering
Mohamed Zeinelabdeen Abdelgader Farh jber
 
9-Requirements Engineering process, Requirement Elicitation-21-01-2025.pdf
UjjwalAgrawal34
 
Requirement Engineering
Slideshare
 
SE-Unit II.pdf
AMITKUMARSINGH756828
 

Similar to SSE_T3_LEC3_2024.pptx asdasdasdasdasdada (20)

PDF
3. 1 req elicitation
Ashenafi Workie
 
PPTX
Software Engineering Unit 2 AKTU Complete
malviyamishra19
 
PPTX
CSE1005 - Software Engineering_Module-02.pptx
YohoshivaBasaraboyin
 
PPTX
04 fse understandingrequirements
Mohesh Chandran
 
PPT
Ch 1-Introduction.ppt
balewayalew
 
PPTX
requirement engineering, types of requirement
letheya
 
PDF
se cph - 4---7-WA0008..pdf ejejekkekekememm
NavnitKaklotar
 
PPT
Requirement Engineering for Dependable Systems
Kamalika Guha Roy
 
PPT
An overview of software requirements engineering
Ian Sommerville
 
PPTX
Software engineering Unit 2(Updated)2.pptx
singhpriyansh0510
 
PPTX
Improving our Approach Towards Capturing Value in Requirements
Osama M. Khaled
 
PDF
3-REasdfghjkl;[poiunvnvncncn-Process.pdf
FadyFady9
 
PDF
System requirements engineering
Animesh Chaturvedi
 
PPT
REQUIREMENT ENGINEERING
Saqib Raza
 
PPT
vu-re-lecture-22 .ppt
HashimAli631806
 
PPTX
Requirement Engineering. Types of requirement
DeepakUlape2
 
ODP
Requirement analysis
Sangeet Shah
 
PPTX
1602984149-1-introduction.pptx4hjdqehjeg
faiziikanwal47
 
ODP
Requirements Analysis
Sibel Kuzgun AKIN
 
PPT
4
randhirlpu
 
3. 1 req elicitation
Ashenafi Workie
 
Software Engineering Unit 2 AKTU Complete
malviyamishra19
 
CSE1005 - Software Engineering_Module-02.pptx
YohoshivaBasaraboyin
 
04 fse understandingrequirements
Mohesh Chandran
 
Ch 1-Introduction.ppt
balewayalew
 
requirement engineering, types of requirement
letheya
 
se cph - 4---7-WA0008..pdf ejejekkekekememm
NavnitKaklotar
 
Requirement Engineering for Dependable Systems
Kamalika Guha Roy
 
An overview of software requirements engineering
Ian Sommerville
 
Software engineering Unit 2(Updated)2.pptx
singhpriyansh0510
 
Improving our Approach Towards Capturing Value in Requirements
Osama M. Khaled
 
3-REasdfghjkl;[poiunvnvncncn-Process.pdf
FadyFady9
 
System requirements engineering
Animesh Chaturvedi
 
REQUIREMENT ENGINEERING
Saqib Raza
 
vu-re-lecture-22 .ppt
HashimAli631806
 
Requirement Engineering. Types of requirement
DeepakUlape2
 
Requirement analysis
Sangeet Shah
 
1602984149-1-introduction.pptx4hjdqehjeg
faiziikanwal47
 
Requirements Analysis
Sibel Kuzgun AKIN
 
4
randhirlpu
 
Ad

Recently uploaded (20)

PPTX
Chapter 2 -Technology and Enginerring Materials + Composites.pptx
garciajeremiah070
 
PPTX
Chemical Technological Processes, Feasibility Study and Chemical Process Indu...
Raihan87
 
PPTX
CN_Unite_1 AI&DS ENGGERING SPPU PUNE UNIVERSITY
versetooni85
 
PDF
UEFA_Embodied_Carbon_Emissions_Football_Infrastructure.pdf
tuchinad02
 
PDF
Applications of Equal_Area_Criterion.pdf
Puja Gurav
 
PDF
August -2025_Top10 Read_Articles_ijait.pdf
ijait
 
PPT
Chapter 1 - Introduction to Manufacturing Technology_2.ppt
garciajeremiah070
 
PPTX
CONTRACTS IN CONSTRUCTION PROJECTS: TYPES
Surabhi794944
 
PDF
Unit1 - AIML Chapter 1 concept and ethics
muthusamyvijay762
 
PDF
Influence of Green Infrastructure on Residents’ Endorsement of the New Ecolog...
Journal of Contemporary Urban Affairs
 
PPTX
Software Engineering and software moduleing
deepikame6
 
PDF
UEFA_Carbon_Footprint_Calculator_Methology_2.0.pdf
tuchinad02
 
PPTX
Management Information system : MIS-e-Business Systems.pptx
ShankarGowda22
 
PPTX
Sorting and Hashing in Data Structures with Algorithms, Techniques, Implement...
usham61
 
PDF
Computer organization and architecuture Digital Notes....pdf
Nune SrinivasRao
 
PPTX
AUTOMOTIVE ENGINE MANAGEMENT (MECHATRONICS).pptx
joanaabban6
 
PPTX
ASME PCC-02 TRAINING -DESKTOP-NLE5HNP.pptx
laxmikantvjawale
 
PDF
Design of Material Handling Equipment Lecture Note
Barsena
 
PPTX
Amdahl’s law is explained in the above power point presentations
sangeetha952248
 
PPTX
"Array and Linked List in Data Structures with Types, Operations, Implementat...
usham61
 
Chapter 2 -Technology and Enginerring Materials + Composites.pptx
garciajeremiah070
 
Chemical Technological Processes, Feasibility Study and Chemical Process Indu...
Raihan87
 
CN_Unite_1 AI&DS ENGGERING SPPU PUNE UNIVERSITY
versetooni85
 
UEFA_Embodied_Carbon_Emissions_Football_Infrastructure.pdf
tuchinad02
 
Applications of Equal_Area_Criterion.pdf
Puja Gurav
 
August -2025_Top10 Read_Articles_ijait.pdf
ijait
 
Chapter 1 - Introduction to Manufacturing Technology_2.ppt
garciajeremiah070
 
CONTRACTS IN CONSTRUCTION PROJECTS: TYPES
Surabhi794944
 
Unit1 - AIML Chapter 1 concept and ethics
muthusamyvijay762
 
Influence of Green Infrastructure on Residents’ Endorsement of the New Ecolog...
Journal of Contemporary Urban Affairs
 
Software Engineering and software moduleing
deepikame6
 
UEFA_Carbon_Footprint_Calculator_Methology_2.0.pdf
tuchinad02
 
Management Information system : MIS-e-Business Systems.pptx
ShankarGowda22
 
Sorting and Hashing in Data Structures with Algorithms, Techniques, Implement...
usham61
 
Computer organization and architecuture Digital Notes....pdf
Nune SrinivasRao
 
AUTOMOTIVE ENGINE MANAGEMENT (MECHATRONICS).pptx
joanaabban6
 
ASME PCC-02 TRAINING -DESKTOP-NLE5HNP.pptx
laxmikantvjawale
 
Design of Material Handling Equipment Lecture Note
Barsena
 
Amdahl’s law is explained in the above power point presentations
sangeetha952248
 
"Array and Linked List in Data Structures with Types, Operations, Implementat...
usham61
 
Ad

SSE_T3_LEC3_2024.pptx asdasdasdasdasdada

  • 1. Outlin e 1 • Software requirements elicitation • Quality criteria for requirements • Software security requirements • Security requirements examples
  • 3. Software Requirement Engineering 3 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law
  • 4. Software Requirements Elicitation 4 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law
  • 5. Software Requirements Elicitation 5 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law
  • 6. Software Stakeholder 6 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law
  • 7. Software Customer 7 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law [A customer is an] individual or organization that derives either direct or indirect benefit from a product. Software customers might request, pay for, select, specify, use, or receive the output generated by a software product.”
  • 8. Requirements Elicitation Techniques 8 Source: Top 5 Requirements Elicitation Techniques for Business Analysts, Techcanvass
  • 9. Interviews 9 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law
  • 10. Workshops 10 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law
  • 11. Observations 11 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 12. Brainstorming/focus group 12 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 13. Document Analysis 13 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide most commonly used/easiest method to collect software requirements
  • 14. Quality criteria for requirements 14 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 15. Quality criteria for requirements 15 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 16. Quality criteria for requirements 16 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 17. Quality criteria for requirements 17 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 18. Quality criteria for requirements 18 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 19. Quality criteria for requirements 19 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 20. Quality criteria for requirements 20 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 21. Quality criteria for requirements 21 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 22. Quality criteria for requirements 22 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 23. Quality criteria for requirements 23 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 24. Quality criteria for requirements 24 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 25. Quality criteria for requirements 25 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 26. Quality criteria for requirements 26 Source: Requirements engineering by Dagmar Monett – Berlin School of Economics and Law University of Adelaide
  • 27. Security Quality Requirements Engineering These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 27 • Security Quality Requirements Engineering (SQUARE) • Developed by the Networked Systems Survivability program at the SEI, Carnegie Mellon University. – A method to elicit, categorise, and prioritise security requirements for software systems and applications. – This method focuses on developing security concepts at the early stages of a software system’s development life cycle. – The method is also used for documenting and analysing the security aspects of existing systems for modifications and evolution. – This method can also be used with existing requirements engineering process
  • 28. SQUARE – Some Details These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 28 • Who is involved? – Stakeholders of the project – Requirement engineers with security expertise • In SQUARE, security requirements are: – Treated at the same time as the system’s functional requirements, AND – Specified in the early stages of the SDLC (software development lifecycle) – Specified in similar ways as software requirements engineering and practices – Determined through a process of nine discrete steps
  • 29. SQUARE Steps These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 29 • 1. Agree on definitions. • 2. Identify assets and security goals. • 3. Develop artifacts to support security requirements definition. • 4. Assess risks. • 5. Select elicitation technique(s). • 6. Elicit security requirements. • 7. Categorize requirements. • 8. Prioritize requirements. • 9. Inspect requirements.
  • 30. SQUARE Steps These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 30 1. the first task for the organization is to agree on a common set of security definitions, followed by the definition of organizational security goals. 2. These security goals may be derived from business application goals, potential threats to project assets, and management controls and policy. 3. The requirements engineer can then develop artifacts (network maps and diagrams, attack trees, and use/misuse cases) that will aid in the elicitation of security requirements. 4. Next, a formal risk assessment allows the organization to understand how the likelihood and impact of various threats can affect the project’s security goals and assets. 5. At this point in the SQUARE process, the requirements engineer must select one or more requirements-elicitation techniques appropriate for the organization’s culture, expertise, level of security required, and nature of the system being developed. 6. The selected techniques are subsequently used to elicit an initial set of security requirements in the form of operational constraints on the system. An example of such a requirement is “The system shall only reveal employee salary information to members of the Human Resources Department.” 7. These requirements are then categorized, prioritized, and formally inspected for correctness in the remaining steps of SQUARE. 8. The final output of the process is a security requirements document that satisfies the security goals of the project, contains clear and verifiable requirements, and is agreed on by all relevant stakeholders.
  • 31. Different Aspects of SQUARE Steps These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 31 Step Name Input Techniques Participants/Outputs Agree on definitions Candidate definitions from IEEE and other standards Structured interviews, focus group Stakeholders, requirements engineer/Agreed-to- definitions Identify assets and security goals Definitions, candidate goals, business drivers, policies and procedures Facilitated work session, surveys, interviews Stakeholders, requirements engineer/ Assets and goals Develop artifacts to support security requirements definition Potential artifacts (e.g., scenarios, misuse cases, templates, forms) Work session Requirements engineer/ Scenarios, misuse cases, models, templates, forms Perform risk assessment Misuse cases, scenarios, security goals Risk assessment method, analysis of anticipated risk against organizational risk tolerance, threat analysis Requirements engineer & expert stakeholders/ risk assessments results Select elicitation techniques Goals, definitions, candidate techniques, expertise of stakeholders, organizational style, culture, level of security needed, cost/benefit Work session Requirements engineers/ Selected elicitation techniques
  • 32. Different Aspects of SQUARE Steps These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 32 Step Name Input Techniques Participants/Outputs Elicit security requirements Artifacts, risk assessment results, selected techniques Application Development (JAD), interviews, surveys, model-based analysis, checklists, lists of reusable requirements types, document reviews Stakeholders facilitated by requirements engineer/Initial cut at security requirements Categorize requirements as to level (system, software, etc.) and whether they are requirements or other kinds of constraints Initial requirements, architecture Work session using a standard set of categories Requirements engineer, other specialists as needed/Categorized requirements Prioritize requirements Categorized requirements and risk assessment results Prioritization methods such as Analytical Hierarchy Process (AHP), Triage, Win- Win Stakeholders facilitated by requirements engineer/ Prioritized requirements Inspect requirements Prioritized requirements, candidate formal inspection technique Inspection method such as Fagan, peer reviews Inspection team/Initial selected requirements, documentation of decision- making process and rationale
  • 33. SQUARE – Step 1: Agree on Definitions • Goal: to guarantee effective and clear communication throughout the requirements engineering process • Content: agree on a common set of terminology and definitions. • Why?: o differences in expertise, knowledge, and experience o ambiguity in terms • Reuse public resources of security terms: o Software Engineering Body of Knowledge (SWEBOK) o IEEE 610.12 Standard Glossary of Software Engineering Terminology e.g., ambiguity of term access controls: • One stakeholder: it is a set of policies that governs which users may be granted access to which resources • Another stakeholder: it is the software elements in the system that actually implements this functionality. These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 33
  • 34. SQUARE - Step 2: Identify Security Goals • Goal: formally agree on a set of prioritized security goals • Content: Identify and prioritize the overall security goals • Why?: o different stakeholders will likely have different security goals, e.g., confidentiality of personnel records or authorization in financial data o security goals of the stakeholders may also conflict with one another, e.g., security guys: strong security vs marketing: high performance These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 34
  • 35. SQUARE - Step 3: Develop Artifacts • Goal: generate a complete set of artifacts of the system • Content: identify and collect as many artifacts as possible • Why?: o prepare for generating security requirements o prepare for risk assessment • Types of artifacts: o system architecture diagrams; o use case scenarios/diagrams; o misuse case scenarios/diagrams; o attack trees; o standardized templates and forms; These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 35
  • 36. SQUARE - Step 3: Develop Artifacts These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. Example system architecture diagram 36
  • 37. SQUARE - Step 3: Develop Artifacts These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. Example Attack Tree  An attacker’s goal is listed as the root node;  Tree leaves represent different ways to achieve that goal 37
  • 38. SQUARE - Step 3: Develop Artifacts These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. Sample Use Case Diagram 38
  • 39. Example of misuse Source: Sindre, G. and Opdahl, A. L., 2005 SQUARE - Step 3: Develop Artifacts 39
  • 40. SQUARE - Step 4: Perform Risk Assessment • Goal: identify the potential vulnerabilities and threats that face the system • Content: identify and classify the likelihood of vulnerabilities/threats • Why?: o implement logical security requirements or countermeasures, e.g., honeypot o to prioritize the security requirements These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. Example risk assessment 40
  • 41. SQUARE - Step 5: Select Elicitation Technique • Goal: select an elicitation technique that is suitable for the client organization and project • Content: choosing a technique that can adapt to: o the number and expertise of stakeholders, o size and scope of the client project, and o expertise of the requirements engineering team. • A sample of elicitation techniques: o Structured/unstructured interviews o Use/misuse cases o Facilitated meeting sessions, such as Joint Application Development and the Accelerated Requirements Method o Soft Systems Methodology o Issue-Based Information Systems o Quality Function Deployment o Feature-Oriented Domain Analysis o Controlled Requirements Expression o Critical Discourse Analysis These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 41
  • 42. SQUARE - Step 6: Elicit Security Requirements • Goal: elicit correct requirements • Content: execute the selected elicitation technique and elicit easy-to-verify requirements • Mistakes in this step o elicit non-verifiable or vague, ambiguous requirements o elicit implementations or architectural constraints instead of requirements These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation.  heart of the SQUARE process  Verifiable? “The system shall improve the availability of the existing customer service center.”  Constraints? “The system shall use SSH to complete the communication system.” 42
  • 43. SQUARE - Step 7: Categorize Requirements • Goal: prepare for prioritizing requirements • Content: allow the requirements engineer and stakeholders to classify the requirements as essential, non-essential, system level, software level, or as architectural constraints These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. • should avoid producing architectural constraints • need to identify constraints and remove them 43
  • 44. SQUARE - Step 8: Prioritize Requirements • Goal: choose which requirements to implement and in what order • Content: prioritize the security requirements using the risk assessment and categorization results as a basis for decision making • Why?: o the client organization will be unable to implement all of the security requirements due to lack of time, resources, or developing changes in the goals of the project. These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 44
  • 45. SQUARE - Step 9: Requirements Inspection • Goal: find any defects in the requirements such as ambiguities, inconsistencies, or mistaken assumptions • Content: create a set of accurate and verifiable security requirements These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. Example Inspection Checklist 45
  • 46. What are the three core security properties we have mentioned?
  • 47. Core Security Properties – Also Requirements These slides contain material sourced (verbatim and/or modified) from the references provided at end of this presentation. 47 • Confidentiality – The system must not disclose any information intended to be hidden E.g. your credit card information on a website • Integrity – A system must not allow assets to be subverted by unauthorized users, e.g., changing someone’s date of birth – We must be able to trust what is in a system • The data being stored • The functionality being executed • Availability – A system must be able to be available and operational to users, e.g., bringing down Amazon.com – These are extremely hard to protect against • Any system performance degradation that can be triggered by a user can be used for denial of service attacks • Concurrency issues, infinite loop, or resource exhaustion
  • 48. Types of Security Requirements 48 University of Adelaide Source: SSDLC Stage One: Security Requirements, Farza, Iosentrix
  • 49. Types of Security Requirements 49 Functional Requirements Non-Functional Requirements A functional requirement defines a system or its component. A non-functional requirement defines the quality attribute of a software system. It specifies “What should the software system do?” It places constraints on “How should the software system fulfill the functional requirements?” Functional requirement is specified by User. Non-functional requirement is specified by technical peoples e.g. Architect, Technical leaders and software developers. It is mandatory. It is not mandatory. It is captured in use case. It is captured as a quality attribute. Defined at a component level. Applied to a system as a whole. Helps you verify the functionality of the software. Helps you to verify the performance of the software. Functional Testing like System, Integration, End to End, API testing, etc are done. Non-Functional Testing like Performance, Stress, Usability, Security testing, etc are done. Usually easy to define. Usually more difficult to define. Example 1) Authentication of user whenever he/she logs into the system. 2) System shutdown in case of a cyber attack. 3) A Verification email is sent to user whenever he/she registers for the first time on some software system. Example 1) Emails should be sent with a latency of no greater than 12 hours from such an activity. 2) The processing of each request should be done within 10 seconds 3) The site should load in 3 seconds when the number of simultaneous users are > 10,000 Source: Geeksforgeeks
  • 50. Sample Security Requirements 50 University of Adelaide Source: The importance of security requirements elicitation and how to do it, Silva et al., 2015
  • 51. Sample Security Requirements 51 University of Adelaide Source: Requirements. James Walden Northern Kentucky University
  • 52. Sample Security Requirements 52 University of Adelaide Source: Requirements. James Walden Northern Kentucky University
  • 53. What security requirement do you think the system needs? 53 University of Adelaide
  • 54. Summary • There are different ways to elicit software requirements • Security requirements is one of the most important part of requirements engineering • Requirements must be passed through quality criteria before finalizing them • Security requirements are collected against each security goal • Various examples of security requirements University of Adelaide 54 Source: Requirements. James Walden Northern Kentucky University
  • 55. References 1. “Security Quality Requirements Engineering (SQUARE)”. Carnegie Mellon University. 2017

Editor's Notes

  • #34: different security goals: human resources: confidentiality of personnel records finance: financial data Conflict in security goals: strong security performance may hamper overall system performance marketing department will not be happy
  • #40: Step 4: Perform Risk Assessment logical security requirements: For instance, the stakeholders may decide that encryption is a necessary component of their system without fully understanding the nature of the problem that encryption can solve.
  • #41: Step 5: Select Elicitation Technique It is extremely unlikely that any single technique will work for all projects under all circumstances. multiple techniques will likely work for the same project.
  • #42: Verifiable?: No – the verifiable one: The system shall handle at least 300 simultaneous connections to the customer service center. Requirements are concerned with what the system should do, not how it should be done. What: The system shall handle at least 300 simultaneous connections to the customer service center. How: The system shall use SSH to complete the communication system.