What Are SATREP Security Requirements
This is phase
of the SATREP method which specifies and plan security requirements and this is
done at requirement engineering stage by using holistic approach. Following are
the main components of this phase:
1) Specification Planning
2) Security Requirements
3)Misuse Cases Specification
1) Specification Planning: For specifying the security requirements CLASP method is used which has 30 activities but in our method only those activities are taken which are more important for security related projects.
A set of tasks is developed after the specification planning and these tasks are executed for completing the requirement specification phase secure and successful manner.
2) Security Requirements Specification: Specification of the security requirements are in three steps. Specification process is refined in each step. These steps have been derived from the USeR method. These steps have been explained as under:
· Security Sensitive Statements: We found that most of the customers are not aware from the security threats and issues. Customers and requirement engineer normally define requirement for functional aspects. In this stage for extracting the security requirements functional requirements are reviewed.
· Security Issues: Security requirements which are identified in the first step help developers to understand the issues which are related to the functional requirements. More than one issue may be detected from security statements.
· Security Requirement: After reviewing the security issues it becomes easy to specify security requirements. Each of the security issue may help to specify security requirements.
By using the above steps security statements are changed in security requirements. This is help for non security experts for specifying the security requirements.
3) Misuse Cases Specification: Misuse case a technique is also used for providing assistance for the security requirement specification. An inverse approach of the security requirement specification is proposed by misuse case technique.
In this technique attacks are made to destroy the system for achieving the malicious goal. Misuse case gives information about the security related issues. Consequence of the successful attack is considered in this stage which helps the developers to prioritize security requirements. It helps to understand the affects of the attack.
Possible threats of the system resource are considered in misuse threats. Security threats are considered in requirement engineering phase and inform us about the ways that how a system can be harmed. It helps the developers to overcome the affects of the threats.
1 thought on “What Are SATREP Security Requirements?”