Reusable knowledge in security requirements engineering: a systematic mapping study

  • Original Article
  • Requirements Engineering

Abstract

Security is a concern that must be taken into consideration starting from the early stages of system development. Over the last two decades, researchers and engineers have developed a considerable number of methods for security requirements engineering. Some of them rely on the (re)use of security knowledge. Despite some existing surveys about security requirements engineering, there is not yet any reference for researchers and practitioners that presents in a systematic way the existing proposals, techniques, and tools related to security knowledge reuse in security requirements engineering. The aim of this paper is to fill this gap by looking into drawing a picture of the literature on knowledge and reuse in security requirements engineering. The questions we address are related to methods, techniques, modeling frameworks, and tools for and by reuse in security requirements engineering. We address these questions through a systematic mapping study. The mapping study was a literature review conducted with the goal of identifying, analyzing, and categorizing state-of-the-art research on our topic. This mapping study analyzes more than thirty approaches, covering 20 years of research in security requirements engineering. The contributions can be summarized as follows: (1) A framework was defined for analyzing and comparing the different proposals as well as categorizing future contributions related to knowledge reuse and security requirements engineering; (2) the different forms of knowledge representation and reuse were identified; and (3) previous surveys were updated. We conclude that most methods should introduce more reusable knowledge to manage security requirements.


Author information

Correspondence to Amina Souag.

Appendix: Systematic mapping study: retrieved publications

Table 4 (in the following) presents the searches conducted and the list of all publications retrieved in our systematic mapping study. For each retrieved paper, the following information is provided: name of the first author, title of the paper, year of publication, and digital library/resource. For each category, and for each conference/workshop, the table gives the number of papers found followed by the number of selected papers (using our selection criteria). Finally, the bold emphasis refers to papers selected; the italic emphasis refers to papers not selected in the SMAP.

Table 4 Table of all retrieved papers

Cite this article

Souag, A., Mazo, R., Salinesi, C. et al. Reusable knowledge in security requirements engineering: a systematic mapping study. Requirements Eng 21, 251–283 (2016). https://doi.org/10.1007/s00766-015-0220-8
