Information Security Requirements Engineering

• Project Keywords: Information Security Requirements, Security Engineering Process in Information Assurance, Common Criteria Scheme, Security Evaluation
   

• Project Members/Collaborators: Dr. Seok-Won Lee, Dr. Gail-Joon Ahn, Deepak Yavagal
   

• Project Description: One of the high demands from the consumers of IT products is to set proper level of confidence in the security features of those products and be able to measure, compare and evaluate various IT products to understand their capabilities and limitations both functional and non-functional as accurately as possible. NIST and NSA have recently announced a new collaborative effort to produce comprehensive security requirements and security specifications for key technologies that will be used to build more secure systems for the US federal agencies. These security requirements and security specifications are being developed with significant industry involvement and employ the new international security standard known as the Common Criteria (ISO/IEC 15408). This project will apply a novel software requirements engineering methodology to Common Criteria to support subject matter experts in acquisition and organization of requirements, discovery and analysis of requirements defects, and requirements verification and validation. The methodology also provides an effective and efficient way to incorporate changes of policies, regulations, requirements and new legislations into the assessment process of an IT product to evaluate the conformance to a set of security requirements.