Security Quality Requirements Engineering (SQUARE): Case Study Phase III

This special report is the third in a series by the Software Engineering Institute focusing on the practical application of the Security Quality Requirements Engineering (SQUARE) process. In this report, a student team presents their results of working with three clients over the course of a semester. Each client was developing a large-scale software application and worked with the students to generate security requirements. The students' main contribution to the SQUARE process was to determine how existing software requirements-elicitation techniques could be applied to software security requirements (as opposed to end-user requirements).

With each client, the students implemented a different structured requirements-elicitation technique: Issue-Based Information Systems with an information technology firm, Joint Application Development (JAD) with the Delta client, and the Accelerated Requirements Method (ARM) with the Beta client. The ARM technique, which is a variant of JAD, held the most promise for inclusion in future applications of SQUARE. In addition to an analysis of the three elicitation techniques, the student team also generated feedback and recommendations on different steps of the SQUARE process, such as requirements prioritization and inspection. They found the Analytic Hierarchy Process to be highly useful for prioritizing requirements quickly; however, they did not find a requirements inspection technique that was well suited for any of the clients.

PDF [1813 KB]

Authors

Eric Hough

Don Ojoko-Adams

Lydia Chung

Frank Hung

Authors

Nancy R. Mead

This report is related to the following area(s) of work:

Case Studies
Security and Survivability

Special Report
CMU/SEI-2006-SR-003
May 2006

Cite This Report

SEI:

Hough, Eric; Ojoko-Adams, Don; Chung, Lydia; Hung, Frank; & Mead, Nancy. Security Quality Requirements Engineering (SQUARE): Case Study Phase III (CMU/SEI-2006-SR-003). Software Engineering Institute, Carnegie Mellon University, 2006. http://www.sei.cmu.edu/library/abstracts/reports/06sr003.cfm

IEEE:

E. Hough, D. Ojoko-Adams, L. Chung, F. Hung, and N. Mead, "Security Quality Requirements Engineering (SQUARE): Case Study Phase III," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Special Report CMU/SEI-2006-SR-003, 2006. http://www.sei.cmu.edu/library/abstracts/reports/06sr003.cfm

APA:

Hough, E., Ojoko-Adams, D., Chung, L., Hung, F., & Mead, N. (2006). Security Quality Requirements Engineering (SQUARE): Case Study Phase III (CMU/SEI-2006-SR-003). Retrieved May 23, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/06sr003.cfm

CHI:

Hough, Eric, Don Ojoko-Adams, Lydia Chung, Frank Hung, and Nancy Mead. Security Quality Requirements Engineering (SQUARE): Case Study Phase III (CMU/SEI-2006-SR-003). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2006. http://www.sei.cmu.edu/library/abstracts/reports/06sr003.cfm

MLA:

Hough, E., Ojoko-Adams, D., Chung, L., Hung, F., & Mead, N. 2006. Security Quality Requirements Engineering (SQUARE): Case Study Phase III (Technical Report CMU/SEI-2006-SR-003). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/06sr003.cfm

Find Us Here

Find us on Youtube  Find us on LinkedIn  Find us on twitter  Find us on Facebook

Share This Page

Share on Facebook  Send to your Twitter page  Save to del.ico.us  Save to LinkedIn  Digg this  Stumble this page.  Add to Technorati favorites  Save this page on your Google Home Page 

For more information

Contact Us

info@sei.cmu.edu

412-268-5800

Help us improve

Visitor feedback helps us continually improve our site.

Please tell us what you
think with this short
(< 5 minute) survey.