Risk-Based Security Requirements Model for Web Software

Onyeka Ezenwoye; Yi Liu

doi:10.1109/REW56159.2022.00051

Risk-Based Security Requirements Model for Web Software

Onyeka Ezenwoye, Yi Liu

Computer & Cyber Sciences

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

With the proliferation of software vulnerabilities, tools are need to aid developers in infusing security requirements. This work introduces a risk-based security requirements model (RBSR) for web applications. With RBSR, security requirements for mitigating vulnerabilities are associated with weaknesses and risks. Events in the application's functional requirements are also associated with risks. The functional requirements thus acquire the relevant security requirements. RBSR makes it possible to specify security requirements completely and consistently across use cases. The RBSR model is explained and a case study application is used to demonstrate the model.

Original language	English (US)
Title of host publication	Proceedings - 30th IEEE International Requirements Engineering Conference Workshops, REW 2022
Editors	Eric Knauss, Gunter Mussbacher, Chetan Arora, Muneera Bano, Jean-Guy Schneider
Publisher	IEEE Computer Society
Pages	232-237
Number of pages	6
ISBN (Electronic)	9781665460002
DOIs	https://doi.org/10.1109/REW56159.2022.00051
State	Published - 2022
Event	30th IEEE International Requirements Engineering Conference Workshops, REW 2022 - Virtual, Online, Australia Duration: Aug 15 2022 → Aug 19 2022

Publication series

Name	Proceedings of the IEEE International Conference on Requirements Engineering
ISSN (Print)	1090-705X
ISSN (Electronic)	2332-6441

Conference

Conference	30th IEEE International Requirements Engineering Conference Workshops, REW 2022
Country/Territory	Australia
City	Virtual, Online
Period	8/15/22 → 8/19/22

Keywords

Requirements Engineering
Security
Vulnerability

ASJC Scopus subject areas

General Computer Science
General Engineering
Strategy and Management

Access to Document

10.1109/REW56159.2022.00051

Cite this

Ezenwoye, O., & Liu, Y. (2022). Risk-Based Security Requirements Model for Web Software. In E. Knauss, G. Mussbacher, C. Arora, M. Bano, & J.-G. Schneider (Eds.), Proceedings - 30th IEEE International Requirements Engineering Conference Workshops, REW 2022 (pp. 232-237). (Proceedings of the IEEE International Conference on Requirements Engineering). IEEE Computer Society. https://doi.org/10.1109/REW56159.2022.00051

Risk-Based Security Requirements Model for Web Software. / Ezenwoye, Onyeka; Liu, Yi.
Proceedings - 30th IEEE International Requirements Engineering Conference Workshops, REW 2022. ed. / Eric Knauss; Gunter Mussbacher; Chetan Arora; Muneera Bano; Jean-Guy Schneider. IEEE Computer Society, 2022. p. 232-237 (Proceedings of the IEEE International Conference on Requirements Engineering).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ezenwoye, O & Liu, Y 2022, Risk-Based Security Requirements Model for Web Software. in E Knauss, G Mussbacher, C Arora, M Bano & J-G Schneider (eds), Proceedings - 30th IEEE International Requirements Engineering Conference Workshops, REW 2022. Proceedings of the IEEE International Conference on Requirements Engineering, IEEE Computer Society, pp. 232-237, 30th IEEE International Requirements Engineering Conference Workshops, REW 2022, Virtual, Online, Australia, 8/15/22. https://doi.org/10.1109/REW56159.2022.00051

Ezenwoye O, Liu Y. Risk-Based Security Requirements Model for Web Software. In Knauss E, Mussbacher G, Arora C, Bano M, Schneider JG, editors, Proceedings - 30th IEEE International Requirements Engineering Conference Workshops, REW 2022. IEEE Computer Society. 2022. p. 232-237. (Proceedings of the IEEE International Conference on Requirements Engineering). doi: 10.1109/REW56159.2022.00051

Ezenwoye, Onyeka ; Liu, Yi. / Risk-Based Security Requirements Model for Web Software. Proceedings - 30th IEEE International Requirements Engineering Conference Workshops, REW 2022. editor / Eric Knauss ; Gunter Mussbacher ; Chetan Arora ; Muneera Bano ; Jean-Guy Schneider. IEEE Computer Society, 2022. pp. 232-237 (Proceedings of the IEEE International Conference on Requirements Engineering).

@inproceedings{781489dbede44ff28715a6499ba6496d,

title = "Risk-Based Security Requirements Model for Web Software",

abstract = "With the proliferation of software vulnerabilities, tools are need to aid developers in infusing security requirements. This work introduces a risk-based security requirements model (RBSR) for web applications. With RBSR, security requirements for mitigating vulnerabilities are associated with weaknesses and risks. Events in the application's functional requirements are also associated with risks. The functional requirements thus acquire the relevant security requirements. RBSR makes it possible to specify security requirements completely and consistently across use cases. The RBSR model is explained and a case study application is used to demonstrate the model.",

keywords = "Requirements Engineering, Security, Vulnerability",

author = "Onyeka Ezenwoye and Yi Liu",

note = "Publisher Copyright: {\textcopyright} 2022 IEEE.; 30th IEEE International Requirements Engineering Conference Workshops, REW 2022 ; Conference date: 15-08-2022 Through 19-08-2022",

year = "2022",

doi = "10.1109/REW56159.2022.00051",

language = "English (US)",

series = "Proceedings of the IEEE International Conference on Requirements Engineering",

publisher = "IEEE Computer Society",

pages = "232--237",

editor = "Eric Knauss and Gunter Mussbacher and Chetan Arora and Muneera Bano and Jean-Guy Schneider",

booktitle = "Proceedings - 30th IEEE International Requirements Engineering Conference Workshops, REW 2022",

}

TY - GEN

T1 - Risk-Based Security Requirements Model for Web Software

AU - Ezenwoye, Onyeka

AU - Liu, Yi

PY - 2022

Y1 - 2022

N2 - With the proliferation of software vulnerabilities, tools are need to aid developers in infusing security requirements. This work introduces a risk-based security requirements model (RBSR) for web applications. With RBSR, security requirements for mitigating vulnerabilities are associated with weaknesses and risks. Events in the application's functional requirements are also associated with risks. The functional requirements thus acquire the relevant security requirements. RBSR makes it possible to specify security requirements completely and consistently across use cases. The RBSR model is explained and a case study application is used to demonstrate the model.

AB - With the proliferation of software vulnerabilities, tools are need to aid developers in infusing security requirements. This work introduces a risk-based security requirements model (RBSR) for web applications. With RBSR, security requirements for mitigating vulnerabilities are associated with weaknesses and risks. Events in the application's functional requirements are also associated with risks. The functional requirements thus acquire the relevant security requirements. RBSR makes it possible to specify security requirements completely and consistently across use cases. The RBSR model is explained and a case study application is used to demonstrate the model.

KW - Requirements Engineering

KW - Security

KW - Vulnerability

UR - http://www.scopus.com/inward/record.url?scp=85142223148&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85142223148&partnerID=8YFLogxK

U2 - 10.1109/REW56159.2022.00051

DO - 10.1109/REW56159.2022.00051

M3 - Conference contribution

AN - SCOPUS:85142223148

T3 - Proceedings of the IEEE International Conference on Requirements Engineering

SP - 232

EP - 237

BT - Proceedings - 30th IEEE International Requirements Engineering Conference Workshops, REW 2022

A2 - Knauss, Eric

A2 - Mussbacher, Gunter

A2 - Arora, Chetan

A2 - Bano, Muneera

A2 - Schneider, Jean-Guy

PB - IEEE Computer Society

T2 - 30th IEEE International Requirements Engineering Conference Workshops, REW 2022

Y2 - 15 August 2022 through 19 August 2022

ER -

Risk-Based Security Requirements Model for Web Software

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this