SecureMEReq: A Tool Support to Check for Completeness of Security Requirements
Nuridawati Mustafa1, Massila Kamalrudin2, Safiah Sidek3
1Nuridawati Mustafa, Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, Durian Tunggal, Melaka, Malaysia.
2Massila Kamalrudin, Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, Durian Tunggal, Melaka, Malaysia. Institute of Technology Management and Enterpreneurship, Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, Durian Tunggal, Melaka, Malaysia.
3Safiah Sidek, Institute of Technology Management and Enterpreneurship, Universiti Teknikal Malaysia Melaka, Hang Tuah Jaya, Durian Tunggal, Melaka, Malaysia.
Manuscript received on 12 October 2019 | Revised Manuscript received on 21 October 2019 | Manuscript Published on 02 November 2019 | PP: 768-771 | Volume-8 Issue-2S11 September 2019 | Retrieval Number: B11250982S1119/2019©BEIESP | DOI: 10.35940/ijrte.B1125.0982S1119
Open Access | Editorial and Publishing Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Quality security requirements help secure software development to succeed. While considerable research can be discovered in the field of demands elicitation, less attention has been paid to the writing of full security specifications. The demands engineers (REs) are still challenged and tedious in implementing and reporting full safety needs derived from Natural language. This is due to their tendency to misunderstand the real needs and the security terms used by inexperienced REs leading to incomplete security requirements. Motivated from these problems, we have developed a prototype tool, called SecureMEReq to improve the writing of complete security requirements. This tool provides four important key-features, which are (1) extraction of template-based components from client-stakeholders; (2) analysis of template-based density from SRCLib; (3) analysis of requirements syntax density from SecLib; and (4) analysis of completeness prioritization. To do this, we used our pattern libraries: SecLib and SRCLib to support the automation process of elicitation, especially in writing the security requirements. Our evaluation results show that our prototype tool is capable to facilitate the writing of complete security requirements and useful in assisting the REs to elicit the security requirements.
Keywords: Tool Security Requirements, Template-Based Approach, Security Requirements Completeness, Template-Based Density, Syntax Density.
Scope of the Article: Software Engineering Decision Support