A Template-Based Approach To Write Complete Security Requirements For Software Development Environment

Writing quality security requirements contributes to the success of secure software development. It has been a common practice to include security requirements in a software system after the system is defined. Thus, incorporating security requirements at a later stage of software development will increase the risks of security vulnerabilities in software development. However, the process of writing security requirements is tedious and complex. There are a few gaps found in the existing works, categorized into method-related and people-related issues. The method-related issues include the lack of checking on security requirements completeness, security requirements templates, security standards used as reference and automated tool for validation. While, the people-related issues consist of inexperienced requirements engineers, minimal involvement of technical team in defining security requirements and language barriers. Motivated from these gaps, the main objective of this study is to propose a template-based approach to write complete security requirements. This study proposes a new template-based approach to assist the requirements engineers and client-stakeholders for writing complete security requirements. For this, we integrate the template-based approach with security requirements density using probability ratio, syntax-based density using lexical density and security requirements completeness prioritization using numerical assignment. We also developed two new pattern libraries, SecLib and SRCLib to validate the syntax and the completeness of security requirements. Additionally, an automated tool support called SecureMEReq was also developed to realize the approach. Finally, a comprehensive evaluation of the approach, comprising the comparison study between manual and automated tool as well as usability test were conducted. In summary, the findings of the evaluations show that our approach can contribute to the body of knowledge of requirements engineering, especially in enhancing the completeness of writing security requirements. It is found that the approach is able to enhance the completeness level of security requirements compared to the manual approach and produce a complete generation of security requirements. The results of the usability tests show that the approach is useful and helpful in eliciting complete security requirements of software development and able to ease the security requirements elicitation process

The Development of Practical Guidelines for Designing Online Questionnaires

Questionnaires are an inexpensive way to gather data from a potentially large number of respondents. However, it is a long and effort consuming process to conduct the survey manually. As the popularity of the Internet increases, online survey creation software allows an access to individuals in distant locations, the ability to reach difficult to contact participants, and the convenience of having automated data collection, which reduces researcher time and effort. The aim of this study is to develop an Online Questionnaire Builder (OQB), which is an online survey software package to streamline and simplify the entire survey process from design of the questionnaire to the presentation of the results. OQB consists of an intuitive wizard interface for creating surveys, tools for distributing the surveys and analyzing the results. This paper presents the results of our preliminary study. By studying wide numbers of existing surveys, we came up with practical guidelines that should be met before a questionnaire can be considered a sound research tool. The guidelines presented in terms of structure, layout, navigation, formatting, response format and question types. It is expected, with the specified guidelines, OQB will be a useful and automated online application for creating and distributing surveys for the use of researchers or any scholars

A Preliminary Study: Challenges in Capturing Security Requirements and Consistency Checking by Requirement Engineers

There has been a growing concern on the importance of security with the rise of phenomena, such as ecommerce and nomadic and geographically distributed work. Realizing the security early, especially in the requirement analysis phase, is important so that security problems can be tackled early enough before going further in the development process and avoid re-work. Ensuring the consistency of elicited functional security requirement of requirements specification is also crucial as the requirements should be well understood and agreed upon by all the stakeholders and end-users. Therefore, the aim of this paper is to further discuss on the challenges faced by Requirement Engineers (REs) in: (1) capturing Security Requirement and (2) Consistency Checking in Requirement Engineering. Motivated from the need to ensure consistency in functional security requirement for developing secure software and the gaps found in the existing works, a survey has been conducted involving 38 experts in software engineering in the industry. The survey aims to identify the current problems faced by them during the elicitation process, security standards used as the reference, elicitation and validation method, and the important properties considered while developing secure software. Results of the survey show that REs face difficulties to understand the security needs and the existing standards are difficult to understand. Therefore, it is proposed that an automated tool to elicit security requirements should be developed

The Implementation Of Questionnaires Design Principles Via Online Questionnaire Builder

Online Questionnaire Builder (OQB) is web-based survey software that provides complete set of tools for users to conduct the overall survey process from questionnaire design and distribution to the presentation of the survey results. This paper delivers the implementation a comprehensive set of guidelines for the design of online questionnaires via our survey software. The guidelines are drawn from relevant disparate existing studies. Implementation of the design principles are mainly concerning the survey structure, layout, navigation, formatting, response format and question types. The design principles are incorporated within the survey creation software to guide questionnaire design according to best-practice, while the benefits of online-questionnaire delivery can be achieve

Context-Based Information Retrieval of Athletic Sport Management System (ASMS)

Athletic Sport Management System (ASMS) is an online system that help user in managing and handling data for athletic sport event. This system consists of 7 main modules such as registration, lane determination, result representation etc. that will be discussed in this paper. As overall, this paper delivers the design and implementation of ASM. This study intends to develop a computerized system for athletic sport management (ASMs) that could assist administration in planning and managing the athletic sport activity. This paper presents the design and the implementation phase of the research. Context-based information retrieval is being chosen as the searching technique. to enhance the searching capability. Furthermore, we proposed the use of similar word detection and knowledge based in searching module to enhance the retrieval effectiveness

The development of Athletic Sport Management System (ASMS) using context-based information retrieval

This study intends to develop a computerized system for athletic sport management (ASMS) that could assist administration in planning and managing the athletic sport activity.This paper proposed the used of context-based information retrieval in searching module to change the traditional key-word system.Moreover, we proposed the use of similar word detection and knowledge based in searching module to enhance the retrieval effectiveness. This paper will discuss the early stages of the development phase which is mainly about context-based information retrieval and present the proposed system architecture for the system

Automation-Testing For Monitoring The Network Health Of Manufacturing Web-Based Application

In this research, automation-testing approach is proposed to monitor the manufacturing web-based health application. Current monitoring system indicates that all components such as servers, applications, services, ports and URLs are not in critical condition, but operator on the production site could not operate the manufacturing application. The proposed approach will monitor the standard operation in manufacturing web-based application and determine the health state of the whole production. Automated script is executed and response time is captured as the performance indicator. A web-based reporting will display response times mapped in different graphs. From the preliminary testing result, graphs are compared and analyze. Finally, the comparison result will determine the abnormalities of the manufacturing application