SECURITY REQUIREMENTS ELICITATION AND CONSISTENCY VALIDATION: A SYSTEMATIC LITERATURE REVIEW

摘要

Security requirements are important in developing secure software development. Objectives: This study plans to identify properties of security requirements for developing secure software as well as to analyse the existing works for requirements validation. The gaps and limitations of each approach was discussed in this study. Method: A systematic literature review is conducted to identify and analyse related literature on elicitation of security requirements for developing secure software. Findings: There are four results: (1) the security properties highly considered for developing secure software are ?Confidentiality?, ?Integrity? ?Identification & Authentication?, and ?Availability?; (2) the approaches in validating security requirements are controlled user experiments, tools and manual checklist; (3) the security references used are the NIST, the Common Criteria and the ISO/IEC; and (4) security requirements template and consistency checking. Finally, the gaps and limitations of the existing works were also discussed. Conclusion: The primary challenge of security requirements during elicitation is to write the correct security requirements and validating the consistency of security requirements. As such, requirements engineers should consider the challenges posed by security requirements in eliciting and validating security requirements.