Title :
Formality of the Security Specification Process: Benefits Beyond Requirements
Author :
Romero-Mariona, Jose ; Ziv, Hadar ; Richardson, Debra J.
Author_Institution :
Donald Bren Sch. of Inf. & Comput. Sci., Univ. of California, Irvine, Irvine, CA, USA
Abstract :
An important difference among approaches to software requirements specification is the degree of formality of the specification process itself. In this paper we explore 12 approaches to security requirements specification. We divide the 12 approaches into two distinct groups, those that follow a formal specification process and those that follow an informal one. We evaluate and compare the benefits that each group of approaches offers in six key areas, including resulting system's security, scalability, security requirements integration, constraint consideration, testing benefits, and integration of other requirements. Our analysis shows that security requirements specified using a formal process are highly correlated with benefits that go beyond the requirements stage, compared to requirements specified using an informal process.
Keywords :
formal specification; security of data; informal process; security specification process; software requirements specification; system security; Availability; Computer security; Formal specifications; Information analysis; Information security; Scalability; Software systems; Software testing; System testing;
Conference_Title :
System Sciences (HICSS), 2010 43rd Hawaii International Conference on
Conference_Location :
Honolulu, HI
Print_ISBN :
978-1-4244-5509-6
Electronic_ISBN :
1530-1605
DOI :
10.1109/HICSS.2010.212