Skip to Main content Skip to Navigation
Conference papers

A Review of Security Requirements Engineering Methods with Respect to Risk Analysis and Model-Driven Engineering

Abstract : One of the most important aspects that help improve the quality and cost of secure information systems in their early stages of the development lifecycle is Security Requirements Engineering (SRE). However, obtaining such requirements is non-trivial. One domain dealing also with eliciting security requirements is Risk Analysis (RA). Therefore, we perform a review of SRE methods in order to analyse which ones are compatible with RA processes. Moreover, the transition from these early security requirements to security policies at later stages in the lifecycle is generally non-automatic, informal and incomplete. To deal with such issues, model-driven engineering (MDE) uses formal models and automatic model transformations. Therefore, we also review which SRE methods are compatible with MDE approaches. Consequently, our review is based on criteria derived partially from existing survey works, further enriched and specialized in order to evaluate the compatibility of SRE methods with the disciplines of RA and MDE. It summarizes the evidence regarding this issue so as to improve understanding and facilitate evaluating and selecting SRE methods.
Complete list of metadata

Cited literature [32 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Monday, November 28, 2016 - 11:23:08 AM
Last modification on : Tuesday, February 15, 2022 - 3:41:35 AM
Long-term archiving on: : Tuesday, March 21, 2017 - 2:38:03 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Denisse Muñante, Vanea Chiprianov, Laurent Gallon, Philippe Aniorte. A Review of Security Requirements Engineering Methods with Respect to Risk Analysis and Model-Driven Engineering. International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES), Sep 2014, Fribourg, Switzerland. pp.79-93, ⟨10.1007/978-3-319-10975-6_6⟩. ⟨hal-01403987⟩



Record views


Files downloads