Security Requirements Reusability and the SQUARE Methodology
• Technical Note
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2010-TN-027DOI (Digital Object Identifier)
10.1184/R1/6583700.v1Abstract
Security is often neglected during requirements elicitation, which leads to tacked-on designs, vulnerabilities, and increased costs. When security requirements are defined, they are often either too vague to be of much use or overly specific in constraining designers to use particular mechanisms. The CERT Program, part of Carnegie Mellon University's Software Engineering Institute, has developed the Security Quality Requirements Engineering (SQUARE) methodology to correct this shortcoming by integrating security analysis into the requirements engineering process.
SQUARE can be improved upon by considering the inclusion of generalized, reusable security requirements to produce better-quality specifications at a lower cost. Because many software-intensive systems face similar security threats and address those threats in fairly standardized ways, there is potential for reuse of security goals and requirements if they are properly specified. Full integration of reuse into SQUARE requires a common understanding of security concepts and a body of well-written and generalized requirements. This study explores common security criteria as a hierarchy of concepts and relates those criteria to examples of reusable security goals and requirements for inclusion in a new variant of SQUARE focusing on reusability, R-SQUARE.
Part of a Collection
Security Quality Requirements Engineering (SQUARE)
Cybersecurity Engineering Research: Security Quality Requirements Engineering (SQUARE) Collection
Cite This Technical Note
Christian, T., & Mead, N. (2010, September 1). Security Requirements Reusability and the SQUARE Methodology. (Technical Note CMU/SEI-2010-TN-027). Retrieved April 19, 2024, from https://doi.org/10.1184/R1/6583700.v1.
@techreport{christian_2010,
author={Christian, Travis and Mead, Nancy},
title={Security Requirements Reusability and the SQUARE Methodology},
month={Sep},
year={2010},
number={CMU/SEI-2010-TN-027},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6583700.v1},
note={Accessed: 2024-Apr-19}
}
Christian, Travis, and Nancy Mead. "Security Requirements Reusability and the SQUARE Methodology." (CMU/SEI-2010-TN-027). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, September 1, 2010. https://doi.org/10.1184/R1/6583700.v1.
T. Christian, and N. Mead, "Security Requirements Reusability and the SQUARE Methodology," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2010-TN-027, 1-Sep-2010 [Online]. Available: https://doi.org/10.1184/R1/6583700.v1. [Accessed: 19-Apr-2024].
Christian, Travis, and Nancy Mead. "Security Requirements Reusability and the SQUARE Methodology." (Technical Note CMU/SEI-2010-TN-027). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Sep. 2010. https://doi.org/10.1184/R1/6583700.v1. Accessed 19 Apr. 2024.
Christian, Travis; & Mead, Nancy. Security Requirements Reusability and the SQUARE Methodology. CMU/SEI-2010-TN-027. Software Engineering Institute. 2010. https://doi.org/10.1184/R1/6583700.v1