An approach for reviewing security-related aspects in agile requirements specifications of web applications
Pontifical Catholic University of Rio de Janeiro, BRA.
Pontifical Catholic University of Rio de Janeiro, BRA.
Pontifical Catholic University of Rio de Janeiro, BRA.
Pontifical Catholic University of Rio de Janeiro, BRA.
2019 (English). In: Proceedings of the IEEE International Conference on Requirements Engineering, IEEE Computer Society, 2019, pp. 86-97. Conference paper, Published paper (Refereed)
Abstract [en]

Defects in requirements specifications can have severe consequences during the software development lifecycle. Some of them result in overall project failure due to incorrect or missing quality characteristics such as security. There are several concerns that make security difficult to deal with; for instance, (1) when stakeholders discuss general requirements in meetings, they are often unaware that they should also discuss security-related topics, and (2) they typically do not have enough expertise in security. This often leads to unspecified or ill-defined security-related aspects. These concerns become even more challenging in agile contexts, where lightweight documentation is typically involved. The goal of this paper is to design and evaluate an approach for reviewing security-related aspects in agile requirements specifications of web applications. The approach considers user stories and security specifications as input and relates those user stories to security properties via Natural Language Processing. Based on the related security properties, our approach then identifies high-level security requirements from the Open Web Application Security Project to be verified and generates a reading technique to support reviewers in detecting defects. We evaluate our approach via two controlled experiment trials. We compare the effectiveness and efficiency of novice inspectors verifying security aspects in agile requirements using our approach against using the complete list of high-level security requirements. The (statistically significant) results indicate that using our approach has a positive impact (with large effect size) on the performance of inspectors in terms of effectiveness and efficiency. © 2019 IEEE.

Place, publisher, year, edition, pages
IEEE Computer Society, 2019. pp. 86-97
Keywords [en]
Agile requirements, Requirements verification, Software inspection, Software security, Computer software selection and evaluation, Cryptography, Defects, Efficiency, Life cycle, Natural language processing systems, Requirements engineering, Software design, Specifications, Verification, Effectiveness and efficiencies, Natural language processing, Open web application security projects, Software development life cycle, Network security
Identifiers
URN: urn:nbn:se:bth-19084
DOI: 10.1109/RE.2019.00020
Scopus ID: 2-s2.0-85076927129
ISBN: 9781728139128 (print)
OAI: oai:DiVA.org:bth-19084
DiVA, id: diva2:1383924
Conference
27th IEEE International Requirements Engineering Conference, RE, Ramada Plaza Jeju Ocean Front, Jeju Island; South Korea, 23 September 2019 through 27 September 2019
Available from: 2020-01-09. Created: 2020-01-09. Last updated: 2020-01-09. Bibliographically approved.

Open Access in DiVA

No full text in DiVA
Authority records BETA

Mendez, Daniel