Date of Award
Fall 2022
Access Type
Dissertation - Open Access
Degree Name
Doctor of Philosophy in Electrical Engineering & Computer Science
Department
Electrical Engineering and Computer Science
Committee Chair
Omar Ochoa
First Committee Member
Salamah Salamah
Second Committee Member
Massood Towhidnejad
Third Committee Member
Laxima Niure Kandel
Fourth Committee Member
Kenji Yoshigoe
College Dean
James W. Gregory
Abstract
The focus of this research is to develop an approach that enhances the elicitation and specification of reusable cybersecurity requirements. Cybersecurity has become a global concern as cyber-attacks are projected to cost damages totaling more than $10.5 trillion dollars by 2025. Cybersecurity requirements are more challenging to elicit than other requirements because they are nonfunctional requirements that requires cybersecurity expertise and knowledge of the proposed system. The goal of this research is to generate cybersecurity requirements based on knowledge acquired from requirements elicitation and analysis activities, to provide cybersecurity specifications without requiring the specialized knowledge of a cybersecurity expert, and to generate reusable cybersecurity requirements. The proposed approach can be an effective way to implement cybersecurity requirements at the earliest stages of the system development life cycle because the approach facilitates the identification of cybersecurity requirements throughout the requirements gathering stage. This is accomplished through the development of the Secure Development Ontology that maps cybersecurity features and the functional features descriptions in order to train a classification machine-learning model to return the suggested security requirements. The SD-SRE requirements engineering portal was created to support the application of this research by providing a platform to submit use case scenarios and requirements and suggest security requirements for the given system. The efficacy of this approach was tested with students in a graduate requirements engineering course. The students were presented with a system description and tasked with creating use case scenarios using the SD-SRE portal. The entered models were automatically analyzed by the SD-SRE system to suggest the security requirements. The results showed that the approach can be an effective approach to assist in the identification of security requirements.
Scholarly Commons Citation
Steinmann, Jessica Antonia, "Supporting the Discovery, Reuse, and Validation of Cybersecurity Requirements at the Early Stages of the Software Development Lifecycle" (2022). Doctoral Dissertations and Master's Theses. 716.
https://commons.erau.edu/edt/716
GS9 Form
Included in
Artificial Intelligence and Robotics Commons, Information Security Commons, Software Engineering Commons, Systems Engineering Commons