Identification of Security Requirements from the Selected Set of Requirements under Fuzzy Environment

Abstract

The elicitation of software requirements is an essential activity of requirement engineering whose task is to collect, gather, or identity the stakeholders requirements. The requirements elicited are of various types like performance requirements, testing requirements, system requirements, functional requirements, etc. according to the need of the stakeholders. Among all the requirements, security requirements play a crucial role to safeguard valuable information from unauthorized users in an organization. In our review process, we found that security requirements elicitation methods lack in answering that how to gather the security requirements from the selected set of functional requirements when stakeholders take part in decision making process and preferences of the software requirements are specified by the use of linguistic variables. Therefore, in order to tackle this problem, in this paper, for the selection of security requirements we propose a fuzzy-based method, so that identification, authentication, and authorization of security requirements can be elicited only for those requirements which are important according to the security point of view. The applicability of the proposed method is discussed by means of an example.