57 research outputs found

    Software security requirements engineering: State of the art

    Software Engineering has established techniques, methods and technology over two decades. However, due to the lack of understanding of software security vulnerabilities, we have not been so successful in applying software engineering principles that have been established for at least the past 25 years when developing secure software systems. Therefore, software security cannot just be added after a system has been built and delivered to customers, as seen in today’s software applications. This keynote paper provides concise methods, techniques, and best practice requirements guidelines on software security and also discusses an Integrated-Secure SDLC model (IS-SDLC), which will benefit practitioners, researchers, learners, and educators.

    Flash glucose monitoring with the FreeStyle Libre 2 compared with self-monitoring of blood glucose in suboptimally controlled type 1 diabetes: the FLASH-UK randomised controlled trial protocol.

    INTRODUCTION: Optimising glycaemic control in type 1 diabetes (T1D) remains challenging. Flash glucose monitoring with FreeStyle Libre 2 (FSL2) is a novel alternative to the current standard of care self-monitoring of blood glucose (SMBG). No randomised controlled trials to date have explored the potential benefits of FSL2 in T1D. We aim to assess the impact of FSL2 in people with T1D and suboptimal glycaemic control in comparison with SMBG. METHODS: This open-label, multicentre, randomised (via stochastic minimisation), parallel design study conducted at eight UK secondary and primary care centres will aim to recruit 180 people age ≥16 years with T1D for >1 year and glycated haemoglobin (HbA1c) 7.5%-11%. Eligible participants will be randomised to 24 weeks of FSL2 (intervention) or SMBG (control) periods, after 2 weeks of blinded sensor wear. Participants will be assessed virtually or in-person owing to the COVID-19 pandemic. HbA1c will be measured at baseline, 12 and 24 weeks (primary outcome). Participants will be contacted at 4 and 12 weeks for glucose optimisation. Control participants will wear a blinded sensor during the last 2 weeks. Psychosocial outcomes will be measured at baseline and 24 weeks. Secondary outcomes include sensor-based metrics, insulin doses, adverse events and self-report psychosocial measures. Utility, acceptability, expectations and experience of using FSL2 will be explored. Data on health service resource utilisation will be collected. ANALYSIS: Efficacy analyses will follow intention-to-treat principle. Outcomes will be analysed using analysis of covariance, adjusted for the baseline value of the corresponding outcome, minimisation factors and other known prognostic factors. Both within-trial and life-time economic evaluations, informed by modelling from the perspective of the National Health Service setting, will be performed. ETHICS: The study was approved by Greater Manchester West Research Ethics Committee (reference 19/NW/0081). Informed consent will be sought from all participants. TRIAL REGISTRATION NUMBER: NCT03815006. PROTOCOL VERSION: 4.0 dated 29 June 2020. Diabetes U

    Improving mockup based requirement specification with end user annotations

    Agile approaches, one of the key methodologies used in today's software projects, often rely on user interface mockups for capturing the goals that the system must satisfy. Mockups, as any other requirement artifact, may suffer from ambiguity and contradiction issues when several points of view are surveyed/elicited by different analysts. This article introduces a novel approach that enhances mockups with friendly end-user annotations that help formalize the requirements and reduce or identify conflicts. We present an evaluation of the approach in order to measure how the use of annotations improves requirements quality.

    Ontology-Driven guidance for requirements elicitation

    Requirements managers aim at keeping their sets of requirements well-defined, consistent and up to date throughout a project’s life cycle. Semantic web technologies have found many valuable applications in the field of requirements engineering, with most of them focusing on requirements analysis. However, the usability of results originating from such requirements analyses strongly depends on the quality of the original requirements, which often are defined using natural language expressions without meaningful structures. In this work we present the prototypic implementation of a semantic guidance system used to assist requirements engineers with capturing requirements using a semi-formal representation. The semantic guidance system uses concepts, relations and axioms of a domain ontology to provide a list of suggestions the requirements engineer can build on to define requirements. The semantic guidance system is evaluated based on a domain ontology and a set of requirements from the aerospace domain. The evaluation results show that the semantic guidance system supports the requirements engineer in defining well-structured requirements.

    Using trust assumptions with security requirements

    Assumptions are frequently made during requirements analysis of a system about the trustworthiness of its various components (including human components). These trust assumptions, whether implicit or explicit, affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. This paper presents trust assumptions in the context of analysis of security requirements. A running example shows how trust assumptions can be used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process. The paper concludes with a case study examining the impact of trust assumptions on software that uses the Secure Electronic Transaction (SET) specification.