Design of Secure and Traceable Requirement Engineering Process for Security-Sensitive Projects

With continuous evolution in software industry, security is becoming very important in software projects. However, in many development methodologies, security is thought to be added in the project at later stages of the development lifecycle. There are also many proposed methodologies where the security measures are considered at requirement engineering stage of the development lifecycle, but many of them still do not seem adequate for applicability due to the reason that these approaches do not provide sufficient support for mapping the security requirements to the later stages of development. So, we are in need of a software requirement engineering approach, which is not only helpful in security requirement specification at requirement engineering stage but also provides support for using the specified security requirements at later stages of development. To meet this requirement, we introduce a new method Secure and Traceable Requirement Engineering Process (STREP). This method also helps the non-security-expert requirement engineers to specify requirements in such a way that the specified requirements can be used to derive security related test cases. STREP method not only deals with security issues of the system at requirement engineering stage, but also makes the security requirements more traceable to be used at later stages of development lifecycle, and as a result, secure systems are produced that are also usable as the customer wishes.