Graduate School and Research Center in Digital Sciences

Security guidelines: Requirements engineering for verifying code quality

Zhioua, Zeineb; Roudier, Yves; Short, S; Boulifa Ameur, Rabea

ESPRE 2016, 3rd International Workshop on Evolving Security and Privacy Requirements Engineering, September 12th, 2016, Beijing, China, co-located with the 24th IEEE International Requirements Engineering Conference

The development and delivery of secure software is a challenging task, that gets even harder when the developer tries to adhere to both application and organization-specific security requirements translated into security guidelines. These guidelines serve as best practices or recommendations that help reduce application exposure to vulnerabilities, and provide hints about the application's adherence to high-level and abstract security requirements. In this paper, we present guidelines we gathered from different sources, and we highlight the main issues related to the interpretation and application of those guidelines. We present a first attempt to classify the requirements with the objective of identifying the analysis that should be performed to verify the adherence of the developed software to each of the categories.

Document Doi Hal Bibtex

Title:Security guidelines: Requirements engineering for verifying code quality
Keywords:Security Guidelines, Development Lifecycle, Information flow
Department:Digital Security
Eurecom ref:4974
Copyright: © 2016 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex: @inproceedings{EURECOM+4974, doi = {}, year = {2016}, title = {{S}ecurity guidelines: {R}equirements engineering for verifying code quality}, author = {{Z}hioua, {Z}eineb and {R}oudier, {Y}ves and {S}hort, {S} and {B}oulifa {A}meur, {R}abea}, booktitle = {{ESPRE} 2016, 3rd {I}nternational {W}orkshop on {E}volving {S}ecurity and {P}rivacy {R}equirements {E}ngineering, {S}eptember 12th, 2016, {B}eijing, {C}hina, co-located with the 24th {IEEE} {I}nternational {R}equirements {E}ngineering {C}onference}, address = {{B}eijing, {CHINA}}, month = {09}, url = {} }
See also: