Enhancing Security Requirements Engineering by Organisational Learning

More and more software projects today are security-related in one way or the other. Requirements engineers often fail to recognise indicators for security problems which is a major source of security problems in practice. Identifying security-relevant requirements is labour-intensive and errorprone. In order to facilitate the security requirements elicitation process, we present an approach supporting organisational learning on security requirements by establishing company-wide experience resources, and a socio-technical network to benefit from them. The approach is based on modelling the flow of requirements and related experiences. Based on those models, we enable people to exchange experiences about security-requirements while they write and discuss project requirements. At the same time, the approach enables participating stakeholders to learn while they write requirements. This can increase security awareness and facilitate learning on both individual and organisational levels. As a basis for our approach, we introduce heuristic assistant tools which support reuse of existing security-related experiences. In particular, they include Bayesian classifiers which issue a warning automatically when new requirements seem to be security-relevant. Our results indicate that this is feasible, in particular if the classifier is trained with domain specific data and documents from previous projects. We show how the ability to identify security-relevant requirements can be improved using this approach. We illustrate our approach by providing a step-by-step example of how we improved the security requirements engineering process at the European Telecommunications Standards Institute (ETSI) and report on experiences made in this application.

Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec

Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams, and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 (Common Criteria) together with secure design techniques such as UMLsec can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the Common Criteria. They are rather phrased in security domain terminology and difficult to understand for developers. This means that some general security and secure design expertise are required to fully take advantage of the Common Criteria and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design,which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the Common Criteria, the heuristic requirements editorHeRA, andUMLsec. SecReqmakes systematic use of the security engineering knowledge contained in the Common Criteria and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the Common Criteria, and the ability to trace security requirements into UML design models. A feedback loop helps reusing experiencewithin SecReq and turns the approach into an iterative process for the secure system life-cycle, also in the presence of system evolution.

Looking behaviour and preference for artworks: The role of emotional valence and location

The position of an item influences its evaluation, with research consistently finding that items occupying central locations are preferred and have a higher subjective value. The current study investigated whether this centre-stage effect (CSE) is a result of bottom-up gaze allocation to the central item, and whether it is affected by item valence. Participants (n=50) were presented with three images of artistic paintings in a row and asked to choose the image they preferred. Eye movements were recorded for a subset of participants (n=22). On each trial the three artworks were either similar but different, or were identical and with positive valence, or were identical and with negative valence. The results showed a centre-stage effect, with artworks in the centre of the row preferred, but only when they were identical and of positive valence. Significantly greater gaze allocation to the central and left artwork was not mirrored by equivalent increases in preference choices. Regression analyses showed that when the artworks were positive and identical the participants’ last fixation predicted preference for the central art-work, whereas the fixation duration predicted preference if the images were different. Overall the result showed that item valence, rather than level of gaze allocation, influences the CSE, which is incompatible with the bottom-up gaze explanation. We propose that the centre stage heuristic, which specifies that the best items are in the middle, is able to explain these findings and the centre-stage effect.