Risk-Based Security Requirements Model for Web Software

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

With the proliferation of software vulnerabilities, tools are need to aid developers in infusing security requirements. This work introduces a risk-based security requirements model (RBSR) for web applications. With RBSR, security requirements for mitigating vulnerabilities are associated with weaknesses and risks. Events in the application's functional requirements are also associated with risks. The functional requirements thus acquire the relevant security requirements. RBSR makes it possible to specify security requirements completely and consistently across use cases. The RBSR model is explained and a case study application is used to demonstrate the model.

Original languageEnglish (US)
Title of host publicationProceedings - 30th IEEE International Requirements Engineering Conference Workshops, REW 2022
EditorsEric Knauss, Gunter Mussbacher, Chetan Arora, Muneera Bano, Jean-Guy Schneider
PublisherIEEE Computer Society
Pages232-237
Number of pages6
ISBN (Electronic)9781665460002
DOIs
StatePublished - 2022
Event30th IEEE International Requirements Engineering Conference Workshops, REW 2022 - Virtual, Online, Australia
Duration: Aug 15 2022Aug 19 2022

Publication series

NameProceedings of the IEEE International Conference on Requirements Engineering
ISSN (Print)1090-705X
ISSN (Electronic)2332-6441

Conference

Conference30th IEEE International Requirements Engineering Conference Workshops, REW 2022
Country/TerritoryAustralia
CityVirtual, Online
Period8/15/228/19/22

Keywords

  • Requirements Engineering
  • Security
  • Vulnerability

ASJC Scopus subject areas

  • Computer Science(all)
  • Engineering(all)
  • Strategy and Management

Fingerprint

Dive into the research topics of 'Risk-Based Security Requirements Model for Web Software'. Together they form a unique fingerprint.

Cite this