Abstract
Security is a concern that must be taken into consideration starting from the early stages of system development. Over the last two decades, researchers and engineers have developed a considerable number of methods for security requirements engineering. Some of them rely on the (re)use of security knowledge. Despite some existing surveys about security requirements engineering, there is not yet any reference for researchers and practitioners that presents in a systematic way the existing proposals, techniques, and tools related to security knowledge reuse in security requirements engineering. The aim of this paper is to fill this gap by drawing a picture of the literature on knowledge and reuse in security requirements engineering. The questions we address are related to methods, techniques, modeling frameworks, and tools for and by reuse in security requirements engineering. We address these questions through a systematic mapping study: a literature review conducted with the goal of identifying, analyzing, and categorizing state-of-the-art research on our topic. This mapping study analyzes more than thirty approaches, covering 20 years of research in security requirements engineering. The contributions can be summarized as follows: (1) a framework was defined for analyzing and comparing the different proposals as well as categorizing future contributions related to knowledge reuse and security requirements engineering; (2) the different forms of knowledge representation and reuse were identified; and (3) previous surveys were updated. We conclude that most methods should introduce more reusable knowledge to manage security requirements.
Appendix: Systematic mapping study: retrieved publications
Table 4 (in the following) presents the searches conducted and the list of all publications retrieved in our systematic mapping study. For each retrieved paper, the following information is provided: name of the first author, title of the paper, year of publication, and digital library/resource. For each category, and for each conference/workshop, the table gives the number of papers found followed by the number of selected papers (using our selection criteria). Finally, the bold emphasis refers to papers selected; the italic emphasis refers to papers not selected in the SMAP.
Cite this article
Souag, A., Mazo, R., Salinesi, C. et al. Reusable knowledge in security requirements engineering: a systematic mapping study. Requirements Eng 21, 251–283 (2016). https://doi.org/10.1007/s00766-015-0220-8
DOI: https://doi.org/10.1007/s00766-015-0220-8