Biblio

Filters: Keyword is requirements; security; privacy; usability; literature survey  [Clear All Filters]
2015-01-13
Hibshi, Hanan, Slavin, Rocky, Niu, Jianwei, Breaux, Travis.  2014.  Rethinking Security Requirements in RE Research.

As information security became an increasing
concern for software developers and users, requirements
engineering (RE) researchers brought new insight to security
requirements. Security requirements aim to address security at
the early stages of system design while accommodating the
complex needs of different stakeholders. Meanwhile, other
research communities, such as usable privacy and security,
have also examined these requirements with specialized goal to
make security more usable for stakeholders from product
owners, to system users and administrators. In this paper we
report results from conducting a literature survey to compare
security requirements research from RE Conferences with the
Symposium on Usable Privacy and Security (SOUPS). We
report similarities between the two research areas, such as
common goals, technical definitions, research problems, and
directions. Further, we clarify the differences between these
two communities to understand how they can leverage each
other’s insights. From our analysis, we recommend new
directions in security requirements research mainly to expand
the meaning of security requirements in RE to reflect the
technological advancements that the broader field of security is
experiencing. These recommendations to encourage crosscollaboration
with other communities are not limited to the
security requirements area; in fact, we believe they can be
generalized to other areas of RE.

2016-12-07
Hanan Hibshi, Rocky Slavin, Jianwei Niu, Travis Breaux.  2014.  Rethinking Security Requirements in RE Research .

As information security became an increasing concern for software developers and users, requirements engineering (RE) researchers brought new insight to security requirements. Security requirements aim to address security at the early stages of system design while accommodating the complex needs of different stakeholders. Meanwhile, other research communities, such as usable privacy and security, have also examined these requirements with specialized goal to make security more usable for stakeholders from product owners, to system users and administrators. In this paper we report results from conducting a literature survey to compare security requirements research from RE Conferences with the Symposium on Usable Privacy and Security (SOUPS). We report similarities between the two research areas, such as common goals, technical definitions, research problems, and directions. Further, we clarify the differences between these two communities to understand how they can leverage each other’s insights. From our analysis, we recommend new directions in security requirements research mainly to expand the meaning of security requirements in RE to reflect the technological advancements that the broader field of security is experiencing. These recommendations to encourage crosscollaboration with other communities are not limited to the security requirements area; in fact, we believe they can be generalized to other areas of RE.