Software Engineering Institute | Carnegie Mellon University

Technical Note

Security Requirements Reusability and the SQUARE Methodology

  • September 2010
  • By Travis Christian, Nancy R. Mead
  • In this report, the authors discuss how security requirements engineering can incorporate reusable requirements.
  • Publisher: Software Engineering Institute
    CMU/SEI Report Number: CMU/SEI-2010-TN-027
  • Abstract

    Security is often neglected during requirements elicitation, which leads to tacked-on designs, vulnerabilities, and increased costs. When security requirements are defined, they are often either too vague to be of much use or overly specific in constraining designers to use particular mechanisms. The CERT Program, part of Carnegie Mellon University's Software Engineering Institute, has developed the Security Quality Requirements Engineering (SQUARE) methodology to correct this shortcoming by integrating security analysis into the requirements engineering process. 

    SQUARE can be improved upon by considering the inclusion of generalized, reusable security requirements to produce better-quality specifications at a lower cost. Because many software-intensive systems face similar security threats and address those threats in fairly standardized ways, there is potential for reuse of security goals and requirements if they are properly specified. Full integration of reuse into SQUARE requires a common understanding of security concepts and a body of well-written and generalized requirements. This study explores common security criteria as a hierarchy of concepts and relates those criteria to examples of reusable security goals and requirements for inclusion in a new variant of SQUARE focusing on reusability, R-SQUARE.

Cite This Report

SEI

Christian, Travis; & Mead, Nancy. Security Requirements Reusability and the SQUARE Methodology. CMU/SEI-2010-TN-027. Software Engineering Institute, Carnegie Mellon University. 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9389

IEEE

Christian, Travis, and Mead, Nancy, "Security Requirements Reusability and the SQUARE Methodology," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note CMU/SEI-2010-TN-027, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9389

APA

Christian, Travis., & Mead, Nancy. (2010). Security Requirements Reusability and the SQUARE Methodology (CMU/SEI-2010-TN-027). Retrieved March 22, 2017, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9389

CHI

Travis Christian, & Nancy Mead. Security Requirements Reusability and the SQUARE Methodology (CMU/SEI-2010-TN-027). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2010. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9389

MLA

Christian, Travis., & Mead, Nancy. 2010. Security Requirements Reusability and the SQUARE Methodology (Technical Report CMU/SEI-2010-TN-027). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9389

BibTeX

@techreport{ChristianSecurityRequirements2010,
  title={Security Requirements Reusability and the SQUARE Methodology},
  author={Travis Christian and Nancy Mead},
  year={2010},
  number={CMU/SEI-2010-TN-027},
  institution={Software Engineering Institute, Carnegie Mellon University},
  address={Pittsburgh, PA},
  url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=9389}
}