Performance Analysis of Security Requirements Engineering Framework by Measuring the Vulnerabilities

Performance Analysis of Security Requirements

Engineering Framework by Measuring the Vulnerabilities

Salini Prabhakaran1 and Kanmani Selvadurai2

1Department of Computer Science and Engineering, Pondicherry Engineering College, India

2Department of Information Technology, Pondicherry Engineering College, India

Abstract: To develop security critical web applications, specifying security requirements is important, since 75% to 80% of all attacks happen at the web application layer. We adopted security requirements engineering methods to identify security requirements at the early stages of software development life cycle so as to minimize vulnerabilities at the later phases. In this paper, we present the evaluation of Model Oriented Security Requirements Engineering (MOSRE) framework and Security Requirements Engineering Framework (SREF) by implementing the identified security requirements of a web application through each framework while developing respective web application. We also developed a web application without using any of the security requirements engineering method in order to prove the importance of security requirements engineering phase in software development life cycle. The developed web applications were scanned for vulnerabilities using the web application scanning tool. The evaluation was done in two phases of software development life cycle: requirements engineering and testing. From the results, we observed that the number of vulnerabilities detected in the web application developed by adopting MOSRE framework is less, when compared to the web applications developed adopting SREF and without using any security requirements engineering method. Thus, this study led the requirements engineers to use MOSRE framework to elicit security requirements efficiently and also trace security requirements from requirements engineering phase to later phases of software development life cycle for developing secure web applications.

Keywords: Requirements engineering, security mechanism, security requirements, security requirements engineering, web applications and vulnerabilities.

Received December 15, 2014; accepted April 5, 2015


  

Read 2058 times Last modified on Thursday, 17 May 2018 05:46
Share
Top
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…