Eliciting security requirements method based on safety knowledge base

Abstract

With the development of software technology, software security is receiving more and more attention. Security requirement is a key stage in the process of software development. In the present research, we propose a method to elicit security requirements; that is developed based on safety knowledge base. In the method, we perform analysis based on the asset, threat and Common Criteria security function components. Then, we summarize the relationship of the three. Based on this, we establish a safety knowledge base. Starting from the functional requirements of the application system, the system assets will be analyzed and matched automatically based on the established safety knowledge base, and finally we elicit the security requirements. The approach is very effective for the purpose of security requirement analysis, and elicits security requirements easily and efficiently. It will be very helpful for security software development. © 2012 Springer-Verlag Berlin Heidelberg.