Department of Computer Science and Engineering, Sri Eshwar College of Engineering, Coimbatore, Tamil Nadu, India.
Comput Intell Neurosci. 2022 Aug 18;2022:1872079. doi: 10.1155/2022/1872079. eCollection 2022.
Today, we completely rely on Information Technology (IT) applications for every aspect of daily life, including business and online transactions. In addition to using these IT-enabled applications for business purposes, we also use WhatsApp, Facebook, and a variety of other IT applications to communicate with others. However, there will undoubtedly be a drawback to every benefit. Since everything is linked to the Internet, there are many opportunities for security to be compromised. To address this, we are working to identify security threats early on in the software development process, specifically during the requirements phase. During the requirement engineering process, an engineer can recognize the security specifications in a more structured manner to create threat-free software. In our research work, we suggest the Identification of Security Threats during Requirement Engineering (ISTDRE) technique for detecting security risks throughout the requirement engineering process. The four points that make up this ISTDRE technique are Hack Point (HP), Speculation Point (SP), Trust Point (TP), and Reliable Point (RP). The new ISTDRE methodology will be validated using a case study of an ERP system involving two currently used methodologies: Model Oriented Security Requirements Engineering (MOSRE) and System Quality Requirements Engineering (SQUARE).
如今,我们的日常生活的方方面面都完全依赖信息技术(IT)应用,包括商业和在线交易。除了将这些 IT 应用用于商业目的外,我们还使用 WhatsApp、Facebook 和各种其他 IT 应用与他人进行沟通。然而,每个好处都无疑会有一个缺点。由于一切都与互联网相连,因此存在许多安全受到威胁的机会。为了解决这个问题,我们正在努力在软件开发过程的早期阶段识别安全威胁,特别是在需求阶段。在需求工程过程中,工程师可以以更结构化的方式识别安全规范,从而创建无威胁的软件。在我们的研究工作中,我们建议在需求工程中识别安全威胁(ISTDRE)技术,以在整个需求工程过程中检测安全风险。该 ISTDRE 技术由四个部分组成:黑客点(HP)、推测点(SP)、信任点(TP)和可靠点(RP)。新的 ISTDRE 方法将使用涉及两种当前使用方法的 ERP 系统案例研究进行验证:面向模型的安全需求工程(MOSRE)和系统质量需求工程(SQUARE)。
