International Journal of Engineering Trends and Technology- Volume3Issue4- 2012
ISSN: 2231-5381 http://www.internationaljournalssrg.org Page 471

A Secured Requirement Engineering Approach in online shopping System

(1) P.Mahizharuvi, Research Scholar, Dept of MCA, Computer Center, Madurai Kamaraj University, Madurai.
(2) Dr.K.Alagarsamy, Associate Professor, Dept of MCA, Computer Center, Madurai Kamaraj University, Madurai.

Abstract:

Requirement engineering has always occupied a primal position in software engineering. "If you get the requirement correct, you are very close to getting the software correct" has been an accepted fact. Many principles and techniques have been proposed for efficient requirement gathering, and these have been validated and applied in practice. Incorporation of security into requirements engineering presents several challenges and opportunities for researchers. Security requirements possess certain unique characteristics that prevent them from being treated on par with other normal functional requirements. In this paper we concentrate on a security approach in the requirement engineering phase. We have explored how the requirement engineering phase plays an important role in the software development life cycle.

Introduction:

Until recently, security in software development was considered as a patch deployed to solve security problems or sometimes as an enhancement to already finished software products. As a result, security considerations were forwarded towards the through out of the development lifecycle. In particular, security-related issues were considered as additional methodology and techniques before the system was deployed at the client's premises. Security issues were often raised only after some undetected vulnerability had been compromised. Developers still had not understood that developing secure software requires a careful injection of security considerations into each stage and requirement of the software development lifecycle. However, once the importance of designed-in security was recognized, attention was directed towards improving the development process by considering security as a requirement instead of a corrective measure.

Security is considered a very critical issue for software systems. Software is itself a resource and thus must incorporate appropriate security methodology. But security often isn't the highest priority in software development. It is often seen as a task that a team performs in the testing phase at the tail end of the software development lifecycle (SDLC), after the developers have completed the code. Security is generally considered the last requirement, i.e. given due attention only after going through all the phases of engineering a software. But, since new technologies are emerging that use networking and distributed capabilities of systems, and off-the-shelf components are popular, security issues have become most important. Security should be considered an important part of all phases of the software development lifecycle (SDLC). It has also been derived that if security is implemented right from the origin of software, it saves the economy billions of dollars. There is thus a need for a model to examine security and quality requirements in the development stages of the production lifecycle.

Software that is developed with security in mind is typically more resistant to both intentional attack and brute force attacks and failures. However, it is incredibly hard to show that a particular system is 100% secure. Presently, there is no single solution for secure software engineering. However, there are specific approaches which improve the likelihood that a system is secure. The security of software is threatened at various points throughout its life cycle, both by inadvertent and intentional choices and actions taken by insiders.

Related works:

The current SWEBOK Guide [2] can serve as a reference for a secure software engineering course. The course overview is illustrated in Figure 1. The breakdown of the course constitutes the same first five Knowledge Areas described in the SWEBOK Guide, describing the decomposition of each Knowledge Area into subareas and topics. The five Knowledge Areas are: Software Requirements, Software Design, Software Construction, Software Testing, and Software Maintenance. However, here the term security has been highlighted throughout the Guide, and terms like secure software requirements, secure software design, secure software construction, secure software testing, and, finally, secure software maintenance have been added.

Software Requirements and Secure Software Requirements

In the software requirements phase [2], the students are able to define the requirements as properties that solve some real-world problem. Within the first two sub areas, "Software Requirements Fundamentals" and "Requirements Process," the students learn about the definitions of software requirements as well as the major types of requirements: product vs. process and functional vs. nonfunctional. Students will learn to describe process models, process actors, process support and management, and process quality and improvement.

The second sub area, "requirement process," will introduce students to the first guideline on securing software requirements, which is negotiating trade-offs that are both acceptable to the principal stakeholders and within budgetary, technical, regulatory, and other constraints, because it will not be possible to perfectly satisfy the requirements of every stakeholder. The second guideline covers the link between the process activities identified in the process models and the issues of costs, human resources, training, and tools. The third guideline covers the improvement of the requirements process by using standards and models in terms of the cost and timeliness of a software product and of the customer's satisfaction with it.

The third sub area, "requirements elicitation," is concerned with where software requirements come from and how the software engineer can collect them. It includes requirement sources and elicitation techniques. Learning these by themselves are practical guidelines that enhance the above proposed guidelines, such as interviews, scenarios, prototypes, facilitated meetings and observations.

The fourth sub area, "requirements analysis," is concerned [2] with the process of analyzing requirements in order to detect and resolve conflicts between them and discover the bounds of the software and how it must interact with its environment. Requirements analysis includes classification, conceptual modeling, architectural design, and allocation of requirements, as well as requirements negotiation. Students learn many practical ways to secure software requirements that assist in understanding issues associated with modeling entities from the problem domain configured to reflect their real-world relationships and dependencies. The SWEBOK guide provides many examples of conceptual modeling, such as UML, formal modeling, IEEE Std 1320.1 for functional modeling, and IEEE Std 1320.2 for information modeling. Moreover, it refers to IEEE Std 1471-2000 for recommended practices for describing the architectural aspects of software-intensive systems. This standard suggests a multiple-viewpoint approach to describe the architecture of systems and their software items.

The fifth sub area, "requirements specification," typically refers to the production of a document, or its electronic equivalent, that can be systematically reviewed, evaluated, and approved. The general rule is that notations should be used that allow the requirements to be described as precisely as possible. This rule serves as a guideline for students to consider in writing the software requirements specification document, keeping in mind a number of quality indicators. IEEE 1465 is a standard treating quality requirements in software packages. Students are also introduced to IEEE Std 830 for the production and content of the software requirements specification.

In addition, the last two sub areas [2], which are "requirements validation" and "practical considerations," can be taught to students as security guidelines and practices. Many security vulnerabilities in software can be avoided if students are better equipped to recognize the security implications of their requirements choices. In requirements validation, they examine the requirements documents to ensure that they are defining the right system. Requirements validation is subdivided into descriptions of the conduct of requirements reviews, prototyping, and model validation and acceptance

Proposed work:

In the software development life cycle, the requirement engineering phase is one of the important phases, which gives the proper objectives, requirements and goals of the customer. If we have identified the correct requirements, the end product will be the desired one; in case any problem occurs in this part, we have to revert the process once again. Many software researchers are working on the security model as a separate part of development or at the end of development, but this kind of approach leads to a problematic one. Security software development still remains a question mark in the software requirement engineering phase. In this paper we have discussed some ideas to develop security approaches in the requirement engineering phase.

Proposed Algorithms steps:

1. System has to give an authorization for every user who is logged into the system
2. System has to identify the permission of every user and access rights.
3. System is able to trace back the users' logs and transactions
4. System tolerates the vulnerabilities and common virus attacks
5. System has to protect the data from the intruders
6. Security patterns identification
7. Security package identification

Now take a small example of an online purchasing website or e-commerce business. We have applied our algorithm to develop the software product for online shopping. While constructing the software product we should focus on many things in terms of the security aspect in the requirement phase itself. In online transactions there are a lot of vulnerabilities, like virus, spam, hacking, intruders, etc. The end product should tolerate the miscellaneous activities. We have implemented our security algorithm in this part, which yields a better enhancement result than the normal development model, and we also made a comparison analysis with the ISDF framework [3].

                       ISDF     Proposed Algorithm
Traceability           73.56    85.12
Attacks Tolerability   65.12    87.45
Trace back             79.98    92.67

Table 1

Conclusion:

In the modern world everything becomes an online solution, like online banking, online purchase, etc. But it opens the door to a lot of security-related problems. To avoid this we have worked with the software development models, especially in the requirement engineering phase, and we have also developed a novel security approach in the software development model to enhance the productivity of the software development model's requirement engineering phase. According to our algorithmic approach we have yielded good results over the existing methodology. We trust this will help online businessmen and merchants.

References:

[1] Cutting Edge Practices for Secure Software Engineering- Kanchan Hans, Amity Institute of Information Technology, Amity University, Noida,
[2] Secure Software Engineering: A New Teaching Perspective Based on the SWEBOK- Manar Abu Talib, Zayed University, Abu Dhabi, UAE; Adel Khelifi, Al Hosn University, Abu Dhabi, UAE; Leon Jololian, Zayed University, Abu Dhabi, UAE
[3] The ISDF Framework: Towards Secure Software Development- Abdulaziz Alkussayer and William H. Allen.
[4] Nancy R. Mead, T. Stehney. "Security Quality Requirements Engineering (SQUARE) Methodology". Software Engineering for Secure Systems – Building Trustworthy Applications (SESS'05), 2005
[5] G. McGraw. "Software Security, Building Security In", published by IEEE Computer Society, 2004
[6] CERT's podcasts: Security for business leaders: Show notes. Retrieved January 31, 2010, from CERT Podcast Series http://www.cert.org/podcast/notes/20080304cappelli-notes.html
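
Steps 1 to 3 of the proposed algorithm (authorization for every logged-in user, per-user permissions, and trace-back of user logs and transactions) can be written as a testable requirement for the online shopping case. The sketch below is an added example, not code from the paper; the role names, session tokens and the hash-chained audit log are assumptions chosen for illustration.

```python
import hashlib, json

# Constructed sample data for a hypothetical shop (not from the paper).
ROLE_PERMISSIONS = {
    "customer": {"place_order", "view_own_orders"},
    "support": {"view_any_order", "refund_order"},
}
SESSIONS = {"tok-alice": ("alice", "customer"), "tok-bob": ("bob", "support")}
REQUESTS = [("tok-alice", "place_order"), ("tok-alice", "refund_order"),
            ("tok-forged", "place_order"), ("tok-bob", "refund_order")]

def digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only log; each entry commits to the hash of the previous entry."""
    def __init__(self):
        self.entries = []

    def append(self, user, action, allowed, detail):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"seq": len(self.entries), "user": user, "action": action,
                "allowed": allowed, "detail": detail, "prev": prev}
        self.entries.append({**body, "hash": digest(body)})

    def verify(self):
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or e["hash"] != digest(body):
                return False
            prev = e["hash"]
        return True

    def trace(self, user):
        """Step 3: trace back everything recorded for one user."""
        return [e for e in self.entries if e["user"] == user]

def perform(log, token, action, detail):
    """Step 1: resolve the logged-in user. Step 2: check the role's permission.
    Denied and unknown-session attempts are logged too, so they can be traced."""
    user, role = SESSIONS.get(token, (None, None))
    allowed = user is not None and action in ROLE_PERMISSIONS.get(role, set())
    log.append(user or "unknown", action, allowed, detail)
    return allowed

def demo():
    log = AuditLog()
    return log, [perform(log, tok, act, "order 1001") for tok, act in REQUESTS]
```
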