Security is an important feature of the software. Integrating security requirements right at the beginning not only ensure secure software but also save a lot of precious time and reduce the effort of rework of software development team. However, to build a secure system is not an easy task and it is extremely difficult to develop a secure system, especially in the case of cyber-physical systems (CPS). In this paper, we propose a security requirements engineering framework that provides ways to determine security requirements throughout the requirements engineering phase which consists of a number of activities to elicit and finalize the security requirements for CPS. Additionally, we determine the activities that need to be implemented in the security requirements engineering framework to address security requirements for CPS. We compare our proposed security requirements engineering framework with other existing software security frameworks. The result shows that not all software security frameworks perform all the basic and important activities in the development of secure software systems. This may also result in a development of an unsecure cyber-physical systems. Furthermore, this comparison survey helps us to identify the short-comings in SRE frameworks which has been rectified in our proposed security requirements engineering framework for CPS.
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
Tel.: +1 703 830 6300
Fax: +1 703 830 2300 firstname.lastname@example.org
(Corporate matters and books only) IOS Press c/o Accucoms US, Inc.
For North America Sales and Customer Service
West Point Commons
Lansdale PA 19446
Tel.: +1 866 855 8967
Fax: +1 215 660 5042 email@example.com