Rethinking Security Requirements in RE Research

Abstract

As information security became an increasing concern for software developers and users, requirements engineering (RE) researchers brought new insight to security requirements. Security requirements aim to address security at the early stages of system design while accommodating the complex needs of different stakeholders. Meanwhile, other research communities, such as usable privacy and security, have also examined these requirements with the specialized goal of making security more usable for stakeholders, from product owners to system users and administrators. In this paper, we report results from a literature survey comparing security requirements research from RE Conferences with the Symposium on Usable Privacy and Security (SOUPS). We report similarities between the two research areas, such as common goals, technical definitions, research problems, and directions. Further, we clarify the differences between these two communities to understand how they can leverage each other's insights. From our analysis, we recommend new directions in security requirements research, mainly to expand the meaning of security requirements in RE to reflect the technological advancements that the broader field of security is experiencing. These recommendations to encourage cross-collaboration with other communities are not limited to the security requirements area; in fact, we believe they can be generalized to other areas of RE.

Document Details

Document Type
Technical Report
Publication Date
Oct 24, 2014
Accession Number
AD1019564

Entities

People

  • Hanan Hibshi
  • Jianwei Niu
  • Rocky Slavin
  • Travis D. Breaux

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Abstracts
  • Communities
  • Engineering
  • Information Operations
  • Information Security
  • Literature
  • Literature Surveys
  • Military Research
  • Security

Fields of Study

  • Computer science

Readers

  • Government and Public Administration Law
  • Systems Analysis and Design