期刊名称:Journal of Theoretical and Applied Information Technology
印刷版ISSN:1992-8645
电子版ISSN:1817-3195
出版年度:2018
卷号:96
期号:16
出版社:Journal of Theoretical and Applied
摘要:Security requirements are important in developing secure software development. Objectives: This study plans to identify properties of security requirements for developing secure software as well as to analyse the existing works for requirements validation. The gaps and limitations of each approach was discussed in this study. Method: A systematic literature review is conducted to identify and analyse related literature on elicitation of security requirements for developing secure software. Findings: There are four results: (1) the security properties highly considered for developing secure software are �Confidentiality�, �Integrity� �Identification & Authentication�, and �Availability�; (2) the approaches in validating security requirements are controlled user experiments, tools and manual checklist; (3) the security references used are the NIST, the Common Criteria and the ISO/IEC; and (4) security requirements template and consistency checking. Finally, the gaps and limitations of the existing works were also discussed. Conclusion: The primary challenge of security requirements during elicitation is to write the correct security requirements and validating the consistency of security requirements. As such, requirements engineers should consider the challenges posed by security requirements in eliciting and validating security requirements.
