Security Quality Requirements Engineering (SQUARE): Case Study Phase III
CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST
Pagination or Media Count:
This special report is the third in a series by the Software Engineering Institute focusing on the practical application of the Security Quality Requirements Engineering SQUARE process. In this report, a student team presents their results of working with three clients over the course of a semester. Each client was developing a large-scale software application and worked with the students to generate security requirements. The students main contribution to the SQUARE process was to determine how existing software requirements-elicitation techniques could be applied to software security requirements as opposed to end-user requirements. With each client, the students implemented a different structured requirements-elicitation technique Issue- Based Information Systems with an information technology firm, Joint Application Development JAD with the Delta client, and the Accelerated Requirements Method ARM with the Beta client. The ARM technique, which is a variant of JAD, held the most promise for inclusion in future applications of SQUARE. In addition to an analysis of the three elicitation techniques, the student team also generated feedback and recommendations on different steps of the SQUARE process, such as requirements prioritization and inspection. They found the Analytic Hierarchy Process to be highly useful for prioritizing requirements quickly however, they did not find a requirements inspection technique that was well suited for any of the clients.
- Computer Programming and Software
- Manufacturing and Industrial Engineering and Control of Production Systems