What Is the Structure of a Security Requirement?

Abstract: Well-defined and unambiguous security requirements are essential for developing secure software systems. Misinterpretation of security terms and insufficient knowledge about security terminology can lead to inappropriate security requirements which, in turn, leave the system vulnerable to attacks. There exist many methods for eliciting and specifying security requirements. Among the possible methods, ontologies and templates can be used in order to elicit and/or specify security requirements.  The objective of this study is to identify some common security concepts as well as some generic properties that characterize a security requirement, by comparing how ontologies and templates methods define and use security requirements.  A comparison framework is therefore built in this thesis and applied to compare three ontology methods and three template methods in order to identify the generic properties and the security concepts that are related to security requirements. The properties and security concepts are analysed based on how they relate to the security requirements. The results of the study show that the security concepts that are mostly addressed by ontology and template methods considered in this work are: threat, asset, countermeasure and security objectives. It is also found that security requirements can be specified in different ways depending on which security concepts they concern.