Class diagram for the proposed model

Source publication
Forming high-quality requirements has a direct impact on project success. Gathering security requirements can be challenging, since it demands a multidisciplinary approach and security expertise. A security requirements repository offers an effective alternative for addressing this challenge. The main objective of this paper is to present the desi...

Contexts in source publication

Context 1
... class diagram of the model can be seen in Fig. 9. Non-security requirements form the "Reference" part of the repository, which is shown in pink in the figure. These non-security requirements should be the basis for capturing the security requirements. To use the knowledge stored in the Reference part, the "Dictionary" and "Library" parts of the repository should be filled with data. ...
Context 2
... part of the repository is the "Dictionary", which is indicated in blue in Fig. 9. The requirements defined in the "Reference" part should be related to the security requirements already saved in the repository's "Library" part. The "Dictionary" contains the names of distinctive types of possible user profiles, different operating systems, distinctive authentication mechanisms and access control systems, which are known or ...
Context 3
... have security vulnerabilities. Filling in the dictionary part is the relatively easy part of building the repository and it does not take an excessive amount of time. It requires security and system knowledge. Yet, once it is complete, maintenance does not require excessive effort. This part would not change much from project to project. In Fig. 9, it can be seen that application/system features are partitioned into different groups. These components/features are all related to the main application/system in some way. An application/system may be related to one or more application/system components, and an application/system component may be related to one or more applications. ...
Context 4
... part of the repository, shown in green in Fig. 9, is where security requirements templates are stored. The requirements are expressed using short sentences in natural language. The security requirement templates are called "Requirement Template" instead of "Requirement" only. The reason is that the requirements are expected to have parts to be adopted/changed/specialized before using in ...
Context 5
... described in the methodology section, the data structure shown in Fig. 9 in the Appendix Section was transferred to a spreadsheet design. Top-level relationships of this diagram are provided in Fig. 3. In this design, the functional and non-functional non-security requirements (the "Reference Part") are expected to be in a txt file. Fig. 5 (a) presents a sample storage of the "Dictionary Part". Fig. 5 (b) ...