{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T21:53:11Z","timestamp":1777585991682,"version":"3.51.4"},"reference-count":108,"publisher":"Springer Science and Business Media LLC","issue":"11","license":[{"start":{"date-parts":[[2019,8,6]],"date-time":"2019-08-06T00:00:00Z","timestamp":1565049600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2019,8,6]],"date-time":"2019-08-06T00:00:00Z","timestamp":1565049600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"name":"Maulana Azad National Fellowship (MANF), Ministry of Minority Affairs, Government of India","award":["MANF- 2015-17-UTT-60741"],"award-info":[{"award-number":["MANF- 2015-17-UTT-60741"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Arab J Sci Eng"],"published-print":{"date-parts":[[2019,11]]},"DOI":"10.1007\/s13369-019-04067-3","type":"journal-article","created":{"date-parts":[[2019,8,6]],"date-time":"2019-08-06T08:02:51Z","timestamp":1565078571000},"page":"8963-8987","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["A Systematic Review and Analytical Evaluation of Security Requirements Engineering Approaches"],"prefix":"10.1007","volume":"44","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6901-7968","authenticated-orcid":false,"given":"Malik Nadeem","family":"Anwar Mohammad","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohammed","family":"Nazir","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Khurram","family":"Mustafa","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,8,6]]},"reference":[{"key":"4067_CR1","doi-asserted-by":"crossref","unstructured":"Abdulrazeg, A.A.; Norwawi, N.M.; Basir, N.: Security metrics to improve Misuse case model. In: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), pp. 94\u201399. IEEE (2012)","DOI":"10.1109\/CyberSec.2012.6246129"},{"key":"4067_CR2","unstructured":"Abukwaik, H.; Zhang, C.: eSQUARE: a formal methods enhanced SQUARE tool. In: Proceedings of the International Conference on Software Engineering Research and Practice (SERP), page\u00a01. The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp) (2012)"},{"key":"4067_CR3","doi-asserted-by":"crossref","unstructured":"Asnar, Y.; Giorgini, P.; Massacci, F.; Zannone, N.: From trust to dependability through risk analysis. In: The Second International Conference on Availability, Reliability and Security (ARES\u201907), pp. 19\u201326. IEEE (2007)","DOI":"10.1109\/ARES.2007.93"},{"key":"4067_CR4","doi-asserted-by":"crossref","unstructured":"Banerjee, C.; Banerjee, A.; Murarka, P.: Measuring software security using MACOQR (misuse and abuse case oriented quality requirement) metrics: defensive perspective. Int. J. Comput. Appl. 93(18), (2014)","DOI":"10.5120\/16439-6213"},{"key":"4067_CR5","doi-asserted-by":"crossref","unstructured":"Banerjee, C.; Banerjee, A.; Poonia, A.S.; Sharma, S.: Proposed algorithm for identification of vulnerabilities and associated misuse cases using CVSS, CVE standards during security requirements elicitation phase. In: Soft Computing: Theories and Applications, pp. 651\u2013658. Springer, New York (2018)","DOI":"10.1007\/978-981-10-5699-4_61"},{"key":"4067_CR6","doi-asserted-by":"crossref","unstructured":"Bostr\u00f6m, G.; W\u00e4yrynen, J.; Bod\u00e9n, M.; Beznosov, K.; Kruchten, P.: Extending XP practices to support security requirements engineering. In: Proceedings of the 2006 International Workshop on Software Engineering for Secure Systems, pp. 11\u201318. ACM (2006)","DOI":"10.1145\/1137627.1137631"},{"key":"4067_CR7","doi-asserted-by":"crossref","unstructured":"Chowdhury, M. J.M.; Matulevi\u010dius, R.; Sindre, G.; Karpati, P.: Aligning mal-activity diagrams and security risk management for security requirements definitions. In: International Working Conference on Requirements Engineering: Foundation for Software Quality, pp. 132\u2013139. Springer, New York (2012)","DOI":"10.1007\/978-3-642-28714-5_11"},{"key":"4067_CR8","unstructured":"Cruzes, D.S.; Jaatun, M.G.; Bernsmed, K.; T\u00f8ndel, I.A.: Challenges and experiences with applying Microsoft threat modeling in Agile development projects. In: 2018 25th Australasian Software Engineering Conference (ASWEC), pp. 111\u2013120. IEEE (2018)"},{"key":"4067_CR9","unstructured":"Dahl, H.E.I.; St\u00f8len, K.; Hogganvik, I.: Structured semantics for the CORAS security risk modelling language. In: Pre-Proceedings of the 2nd International Workshop on Interoperability Solutions on Trust, Security, Policies and QoS for Enhanced Enterprise Systems(IS-TSPQ), Portugal, pp. 79\u201392. Helsingin yliopisto (2007)"},{"issue":"1","key":"4067_CR10","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/s10550-007-0013-9","volume":"25","author":"F Den Braber","year":"2007","unstructured":"Den Braber, F.; Hogganvik, I.; Lund, M.S.; St\u00f8len, K.; Vraalsen, F.: Model-based security analysis in seven steps - a guided tour to the CORAS method. BT Technol. J. 25(1), 101\u2013117 (2007)","journal-title":"BT Technol. J."},{"issue":"2","key":"4067_CR11","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1108\/14637151211225162","volume":"18","author":"M El-Attar","year":"2012","unstructured":"El-Attar, M.: A framework for improving quality in misuse case models. Bus. Process Manag. J. 18(2), 168\u2013196 (2012a)","journal-title":"Bus. Process Manag. J."},{"issue":"2","key":"4067_CR12","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1016\/j.jss.2011.08.023","volume":"85","author":"M El-Attar","year":"2012","unstructured":"El-Attar, M.: Towards developing consistent misuse case models. J. Syst. Softw. 85(2), 323\u2013339 (2012b)","journal-title":"J. Syst. Softw."},{"issue":"1","key":"4067_CR13","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/s10270-012-0240-5","volume":"13","author":"M El-Attar","year":"2014","unstructured":"El-Attar, M.: From misuse cases to mal-activity diagrams: bridging the gap between functional security analysis and design. Softw. Syst. Model. 13(1), 173\u2013190 (2014)","journal-title":"Softw. Syst. Model."},{"issue":"7","key":"4067_CR14","doi-asserted-by":"publisher","first-page":"661","DOI":"10.1109\/TSE.2015.2396526","volume":"41","author":"M El-Attar","year":"2015","unstructured":"El-Attar, M.; Luqman, H.; Karpati, P.; Sindre, G.; Opdahl, A.L.: Extending the UML statecharts notation to model security aspects. IEEE Trans. Softw. Eng. 41(7), 661\u2013690 (2015)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"4","key":"4067_CR15","doi-asserted-by":"publisher","first-page":"463","DOI":"10.1016\/j.jare.2014.03.001","volume":"5","author":"H El-Hadary","year":"2014","unstructured":"El-Hadary, H.; El-Kassas, S.: Capturing security requirements for software systems. J. Adv. Res. 5(4), 463\u2013472 (2014)","journal-title":"J. Adv. Res."},{"key":"4067_CR16","doi-asserted-by":"crossref","unstructured":"Elahi, G.; Yu, E.; Zannone, N.: A modeling ontology for integrating vulnerabilities into security requirements conceptual foundations. In: International Conference on Conceptual Modeling, pp. 99\u2013114. Springer, New York (2009)","DOI":"10.1007\/978-3-642-04840-1_10"},{"issue":"1","key":"4067_CR17","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/s00766-009-0090-z","volume":"15","author":"G Elahi","year":"2010","unstructured":"Elahi, G.; Yu, E.; Zannone, N.: A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requir. Eng. 15(1), 41\u201362 (2010)","journal-title":"Requir. Eng."},{"key":"4067_CR18","doi-asserted-by":"crossref","unstructured":"Fernandez, E.B.; Yoshioka, N.; Washizaki, H.: Modeling misuse patterns. In: Proceedings of the 4th International Conference on Availability, Reliability and Security (ARES), Fukuoka, Japan, pp. 566\u2013571. IEEE Computer Society (2009)","DOI":"10.1109\/ARES.2009.139"},{"issue":"1","key":"4067_CR19","doi-asserted-by":"publisher","first-page":"61","DOI":"10.5381\/jot.2004.3.1.c6","volume":"3","author":"D Firesmith","year":"2004","unstructured":"Firesmith, D.: Specifying reusable security requirements. J. Obj. Technol. 3(1), 61\u201375 (2004)","journal-title":"J. Obj. Technol."},{"key":"4067_CR20","doi-asserted-by":"crossref","unstructured":"Fredriksen, R.; Kristiansen, M.; Gran, B.A.; St\u00f8len, K.; Opperud, T.A.; Dimitrakos, T.: The CORAS framework for a model based risk management process. In: Proceedings of the 21st International Conference on Computer Safety, Reliabiltiy and Security, Catania, Italy, pp. 94\u2013105. Springer, New York (2002)","DOI":"10.1007\/3-540-45732-1_11"},{"key":"4067_CR21","doi-asserted-by":"crossref","unstructured":"Giorgini, P.; Mouratidis, H.; Zannone, N.: Modelling security and trust with Secure Tropos. In: Integrating Security and Software Engineering: Advances and Future Vision, pp. 160\u2013189. Idea Group Publishing (2006)","DOI":"10.4018\/978-1-59904-147-6.ch008"},{"key":"4067_CR22","doi-asserted-by":"crossref","unstructured":"Gregoire, J.; Buyens, K.; Win, B.D.; Scandariato, R.; Joosen, W.: On the secure software development process: CLASP and SDL compared. In: Proceedings of the 3rd International Workshop on Software Engineering for Secure Systems, Washington, DC, USA, pp. 1\u20137. IEEE Computer Society (2007)","DOI":"10.1109\/SESS.2007.7"},{"key":"4067_CR23","unstructured":"Gurses, S.F.; Berendt, B.; Santen, T.: Multilateral security requirements analysis for preserving privacy in ubiquitous environments. In: Proceedings of the UKDU Workshop in 17th European Conference on Machine Learning(EMCL), Berlin, Germany, pp. 51\u201364. Springer, New York (2006)"},{"key":"4067_CR24","unstructured":"Gurses, S.F.; Santen, T.: Contextualizing security goals: a method for multilateral security requirements elicitation. In: Proceedings of the 42nd Security Conference (SICHERHEIT), Magdeburg, Germany, pp. 42\u201353. LNI (2006)"},{"issue":"1","key":"4067_CR25","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1109\/TSE.2007.70754","volume":"34","author":"C Haley","year":"2008","unstructured":"Haley, C.; Laney, R.; Moffett, J.; Nuseibeh, B.: Security requirements engineering: a framework for representation and analysis. IEEE Trans. Softw. Eng. 34(1), 133\u2013153 (2008)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"4067_CR26","doi-asserted-by":"crossref","unstructured":"Haley, C.B.; Laney, R.C.; Moffett, J.D.; Nuseibeh, B.: Picking battles: the impact of trust assumptions on the elaboration of security requirements. In: Proceedings of the 2nd International conference on Trust Management(iTrust), Oxford, UK, pp. 347\u2013354. Springer, New York (2004)","DOI":"10.1007\/978-3-540-24747-0_27"},{"key":"4067_CR27","unstructured":"Haley, C.B.; Laney, R.C.; Moffett, J.D.; Nuseibeh, B.: Arguing security: validating security requirements using structured argumentation. In: Proceedings of the 3rd Symposium on Requirements Engineering for Information Security (SREIS) Held in Conjunction with the 13th International Requirements Engineering Conference, Paris, France. IEEE Computer Society (2005)"},{"key":"4067_CR28","doi-asserted-by":"crossref","unstructured":"Haley, C.B.; Moffett, J.D.; Laney, R.; Nuseibeh, B.: A framework for security requirements engineering. In: Proceedings of the International Workshop on Software Engineering for Secure Systems(ICSE), Shanghai, China, pp. 35\u201342. ACM (2006)","DOI":"10.1145\/1137627.1137634"},{"key":"4067_CR29","doi-asserted-by":"crossref","unstructured":"Hassan, R.; Bohner, S.; El-Kassas, S.: Formal derivation of security design specifications from security requirements. In: Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research: Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead, pp.\u00a010. ACM (2008)","DOI":"10.1145\/1413140.1413152"},{"key":"4067_CR30","doi-asserted-by":"crossref","unstructured":"Hatebur, D.; Heisel, M.; J\u00fcrjens, J.; Schmidt, H.: Systematic development of UMLsec design models based on security requirements. In: Proceedings of the 14th International Conference on Fundamental Approaches to Software Engineering, Saarbrucken, Germany, pp. 232\u2013246. Springer, New York (2011)","DOI":"10.1007\/978-3-642-19811-3_17"},{"key":"4067_CR31","doi-asserted-by":"crossref","unstructured":"Hatebur, D.; Heisel, M.; Schmidt, H.: Security engineering using problem frames. In: Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS), Freiburg, Germany, pp. 238\u2013253. Springer, New York (2006)","DOI":"10.1007\/11766155_17"},{"key":"4067_CR32","doi-asserted-by":"crossref","unstructured":"Hatebur, D.; Heisel, M.; Schmidt, H.: A pattern system for security requirements engineering. In: Proceedings of the 2nd International Conference on Availability, Reliability and Security(ARE), Vienna, pp. 356\u2013365. IEEE Computer Society (2007a)","DOI":"10.1109\/ARES.2007.12"},{"key":"4067_CR33","doi-asserted-by":"crossref","unstructured":"Hatebur, D.; Heisel, M.; Schmidt, H.: A security engineering process based on patterns. In: Proceedings of the 18th International Workshop on Database and Expert Systems Applications(DEXA), Regensburg, Germany, pp. 734\u2013738. IEEE Computer Society (2007b)","DOI":"10.1109\/DEXA.2007.36"},{"key":"4067_CR34","doi-asserted-by":"crossref","unstructured":"Hatebur, D.; Heisel, M.; Schmidt, H.: Analysis and component-based realization of security requirements. In: Proceedings of the 3rd International Conference on Availability, Reliability and Security(ARES), Barcelona, Spain, pp. 195\u2013203. IEEE Computer Society (2008)","DOI":"10.1109\/ARES.2008.27"},{"key":"4067_CR35","unstructured":"He, Q.; Ant\u00f3n, A.I.: A framework for modeling privacy requirements in role engineering. In: Proceedings of the 9th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ), Klagenfurt\/Velden, Austria, pp. 137\u2013146. IEEE Computer Society (2003)"},{"key":"4067_CR36","unstructured":"Johnstone, M.N.: Modelling misuse cases as a means of capturing security requirements. In: Proceedings of the 9th Australian Information Security Management Conference, Perth, Australia, pp. 14\u2013147. Security Research Centre, Edith Cowan University (2011)"},{"key":"4067_CR37","doi-asserted-by":"crossref","unstructured":"J\u00fcrjens, J.: Towards development of secure systems using UMLsec. In: Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering (FASE), London, UK. Springer, pp. 187\u2013200 (2001)","DOI":"10.1007\/3-540-45314-8_14"},{"key":"4067_CR38","doi-asserted-by":"crossref","unstructured":"J\u00fcrjens, J.: UMLsec: Extending UML for secure systems development. In: Proceedings of the 15th International Conference on the Unified Modeling Language, Dresden, Germany, pp. 412\u2013425. Springer, New York (2002)","DOI":"10.1007\/3-540-45800-X_32"},{"key":"4067_CR39","volume-title":"Secure Systems Development with UML","author":"J J\u00fcrjens","year":"2005","unstructured":"J\u00fcrjens, J.: Secure Systems Development with UML. Springer, New York (2005)"},{"key":"4067_CR40","doi-asserted-by":"crossref","unstructured":"Jurjens, J.; Schreck, J.; Yu, Y.: Automated analysis of permission-based security using UMLsec. In: Proceedings of the 11th European Joint Conferences on Theory and Practice of Software(ETAPS), Budapest, Hungary, pp. 292\u2013295. Springer, New York (2008)","DOI":"10.1007\/978-3-540-78743-3_21"},{"issue":"5\u20136","key":"4067_CR41","doi-asserted-by":"publisher","first-page":"527","DOI":"10.1007\/s10009-007-0048-8","volume":"9","author":"J J\u00fcrjens","year":"2007","unstructured":"J\u00fcrjens, J.; Shabalin, P.: Tools for secure systems development with UML. Int. J. Softw. Tools Technol. Transf. 9(5\u20136), 527\u2013544 (2007)","journal-title":"Int. J. Softw. Tools Technol. Transf."},{"key":"4067_CR42","unstructured":"Lamsweerde, A.V.: Elaborating security requirements by construction of intentional anti-models. In: Proceedings of the 26th International Conference on Software Engineering, Washington, DC, USA, pp. 148\u2013157. IEEE Computer Society (2004)"},{"issue":"1","key":"4067_CR43","first-page":"196","volume":"9","author":"AV Lamsweerde","year":"2007","unstructured":"Lamsweerde, A.V.: Engineering requirements for system reliability and security. NATO Secur. Through Sci. Ser. D-Inf. Commun. Secur. 9(1), 196 (2007)","journal-title":"NATO Secur. Through Sci. Ser. D-Inf. Commun. Secur."},{"key":"4067_CR44","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1016\/j.procs.2014.12.005","volume":"43","author":"A Larionovs","year":"2015","unstructured":"Larionovs, A.; Teilans, A.; Grabusts, P.: CORAS for threat and risk modeling in social networks. Procedia Comput. Sci. 43, 26\u201332 (2015)","journal-title":"Procedia Comput. Sci."},{"issue":"1","key":"4067_CR45","doi-asserted-by":"publisher","first-page":"336","DOI":"10.18517\/ijaseit.9.1.5987","volume":"9","author":"J Lee","year":"2019","unstructured":"Lee, J.; Woo, J.; Lee, C.; Joo, K.: A software development methodology for secure web application. Int. J. Adv. Sci. Eng. Inf. Technol. 9(1), 336\u2013341 (2019)","journal-title":"Int. J. Adv. Sci. Eng. Inf. Technol."},{"key":"4067_CR46","unstructured":"Lin, L.; Nuseibeh, B.; Ince, D.; Jackson, M.: Using abuse frames to bound the scope of security problems. In: Proceedings of the 12th IEEE International Requirements Engineering Conference, Kyoto, Japan, pp. 354\u2013355. IEEE Computer Society (2004)"},{"key":"4067_CR47","unstructured":"Lin, L.; Nuseibeh, B.; Ince, D.; Jackson, M.; Moffett, J.: Analysing security threats and vulnerabilities using abuse frames. In: Proceedings of the 6th European Joint Conferences on Theory and Practice of Software (ETAPS), Warsaw, Poland, pp. 1\u201318. Springer, New York (2003a)"},{"key":"4067_CR48","unstructured":"Lin, L.; Nuseibeh, B.; Ince, D.; Jackson, M.; Moffett, J.: Introducing abuse frames for analysing security requirements. In: Proceedings of the 11th IEEE International Conference on Requirements Engineering, Los Alamitos, CA, USA, pp. 371\u2013372. IEEE Computer Society (2003b)"},{"key":"4067_CR49","unstructured":"Liu, L.; Yu, E.; Jabeen, G.: Social threats modelling with i*. In: iStar, pp. 97\u2013102 (2016)"},{"key":"4067_CR50","unstructured":"Liu, L.; Yu, E.; Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: Proceedings of the 11th IEEE International Conference on Requirements Engineering, Washington, DC, USA, pp. 151\u2013162. IEEE Computer Society (2003)"},{"key":"4067_CR51","doi-asserted-by":"crossref","unstructured":"Lodderstedt, T.; David, B.; Doser, J.: SecureUML: A UML-based modeling language for model-driven security. In: Proceedings of the 5th International Conference on Model Driven Engineering Languages and Systems, Dresden, Germany, pp. 426\u2013441. Springer, New York (2002)","DOI":"10.1007\/3-540-45800-X_33"},{"key":"4067_CR52","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23082-0_9","volume-title":"Risk Analysis of Changing and Evolving Systems Using CORAS","author":"MS Lund","year":"2011","unstructured":"Lund, M.S.; Solhaug, B.; St\u00f8len, K.: Risk Analysis of Changing and Evolving Systems Using CORAS. Springer, New York (2011)"},{"key":"4067_CR53","doi-asserted-by":"crossref","unstructured":"Maher, Z.A.; Shah, A.; Shaikh, H.; Rahu, G.A.; Butt, P.K.; Chandio, S.; Shaikh, S.: A methodology for modeling and analysis of secure systems using security patterns and mitigation use cases. In: 7th International Conference on Computer and Communication Engineering (ICCCE), pp. 268\u2013273. IEEE (2018)","DOI":"10.1109\/ICCCE.2018.8539339"},{"key":"4067_CR54","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1016\/j.infsof.2018.04.007","volume":"100","author":"PX Mai","year":"2018","unstructured":"Mai, P.X.; Goknil, A.; Shar, L.K.; Pastore, F.; Briand, L.C.; Shaame, S.: Modeling security and privacy requirements: a use case-driven approach. Inf. Softw. Technol. 100, 165\u2013182 (2018)","journal-title":"Inf. Softw. Technol."},{"key":"4067_CR55","doi-asserted-by":"crossref","unstructured":"Massacci, F.; Mylopoulos, J.; Paci, F.; Tun, T.T.; Yu, Y.: An extended ontology for security requirements. In: International Conference on Advanced Information Systems Engineering, pp. 622\u2013636. Springer, New York (2011)","DOI":"10.1007\/978-3-642-22056-2_64"},{"key":"4067_CR56","doi-asserted-by":"crossref","unstructured":"Matulevi\u010dius, R.: Security risk-aware Secure Tropos. In: Fundamentals of Secure System Modelling, pp. 77\u201391. Springer, New York (2017)","DOI":"10.1007\/978-3-319-61717-6_6"},{"key":"4067_CR57","unstructured":"Matulevi\u010dius, R.; Dumas, M.: A comparison of SecureUML and UMLsec for role-based access control. In: Proceedings of the 14th East European Conference on Databases and Information Systems, Novisad, Serbia, pp. 171\u2013185. Springer, New York (2010)"},{"key":"4067_CR58","unstructured":"Matulevicius, R.; Dumas, M.: Towards model transformation between SecureUML and UMLsec for role-based access control. In: DB&IS, pp. 339\u2013352 (2010)"},{"key":"4067_CR59","doi-asserted-by":"crossref","unstructured":"Matulevi\u010dius, R.; Mayer, N.; Mouratidis, H.; Dubois, E.; Heymans, P.; Genon, N.: Adapting Secure Tropos for security risk management in the early phases of information systems development. In: Proceedings of the 20th International Conference on Advanced Information Systems Engineering (CAiSE), Montpellier, France, pp. 541\u2013555. Springer, New York (2008)","DOI":"10.1007\/978-3-540-69534-9_40"},{"issue":"6","key":"4067_CR60","first-page":"816","volume":"18","author":"R Matulevicius","year":"2012","unstructured":"Matulevicius, R.; Mouratidis, H.; Mayer, N.; Dubois, E.; Heymans, P.: Syntactic and semantic extensions to Secure Tropos to support security risk management. J. UCS 18(6), 816\u2013844 (2012)","journal-title":"J. UCS"},{"key":"4067_CR61","unstructured":"Mayer, N.; Dubois, E.; Matulevicius, R.; Heymans, P.: Towards a measurement framework for security risk management. In: Proceedings of Modeling Security Workshop (2008)"},{"key":"4067_CR62","unstructured":"Mayer, N.; Heymans, P.; Matulevicius, R.: Design of a modelling language for information system security risk management. In: RCIS, pp. 121\u2013132 (2007)"},{"key":"4067_CR63","unstructured":"Mead, N.R.: How to compare the security quality requirements engineering (SQUARE) method with other methods. Technical report, Software Engineering Institute, Carnegie Mellon University (2007)"},{"key":"4067_CR64","doi-asserted-by":"crossref","unstructured":"Mead, N.R.: Measuring the software security requirements engineering process. In: 36th Annual IEEE Computer Software and Applications Conference Workshops (COMPSACW), pp. 583\u2013588. IEEE (2012)","DOI":"10.1109\/COMPSACW.2012.107"},{"key":"4067_CR65","doi-asserted-by":"crossref","unstructured":"Mead, N.R.; Abu-Nimeh, S.: Security and privacy requirements engineering. In: Cyber Law, Privacy, and Security: Concepts, Methodologies, Tools, and Applications, pp. 1711\u20131729. IGI Global (2019)","DOI":"10.4018\/978-1-5225-8897-9.ch083"},{"issue":"1","key":"4067_CR66","first-page":"106","volume":"1","author":"NR Mead","year":"2011","unstructured":"Mead, N.R.; Miyazaki, S.; Zhan, J.: Integrating privacy requirements considerations into a security requirements engineering method and tool. Int. J. Inf. Priv. Secur. Integr. 1(1), 106\u2013126 (2011)","journal-title":"Int. J. Inf. Priv. Secur. Integr."},{"key":"4067_CR67","doi-asserted-by":"crossref","unstructured":"Mead, N.R.; Stehney, T.: Security quality requirements engineering (SQUARE) methodology. In: Proceedings of the Workshop on Software Engineering for Secure Systems Building Trustworthy Applications, St. Louis, Missouri, pp. 1\u20137. ACM (2005)","DOI":"10.1145\/1083200.1083214"},{"key":"4067_CR68","doi-asserted-by":"crossref","unstructured":"Mead, N.R.; Viswanathan, V.; Padmanabhan, D.; Raveendran, A.: Incorporating security quality requirements engineering (SQUARE) into standard life-cycle models. Technical report, Software Engineering Institute, Carnegie Mellon University (2008)","DOI":"10.21236\/ADA482345"},{"key":"4067_CR69","doi-asserted-by":"crossref","unstructured":"Mellado, D.; Fern\u00e1ndez-Medina, E.; Piattini, M.: Applying a security requirements engineering process. In: European Symposium on Research in Computer Security, pp. 192\u2013206. Springer, New York (2006)","DOI":"10.1007\/11863908_13"},{"issue":"2","key":"4067_CR70","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1016\/j.csi.2006.04.002","volume":"29","author":"D Mellado","year":"2007","unstructured":"Mellado, D.; Fern\u00e1ndez-Medina, E.; Piattini, M.: A common criteria based security requirements engineering process for the development of secure information systems. Comput. Stand. Interfaces 29(2), 244\u2013253 (2007)","journal-title":"Comput. Stand. Interfaces"},{"issue":"4","key":"4067_CR71","doi-asserted-by":"publisher","first-page":"711","DOI":"10.1016\/j.csi.2013.12.006","volume":"36","author":"D Mellado","year":"2014","unstructured":"Mellado, D.; Mouratidis, H.; Fern\u00e1ndez-Medina, E.: Secure Tropos framework for software product lines requirements engineering. Comput. Stand. Interfaces 36(4), 711\u2013722 (2014)","journal-title":"Comput. Stand. Interfaces"},{"issue":"02","key":"4067_CR72","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1142\/S0218194007003240","volume":"17","author":"H Mouratidis","year":"2007","unstructured":"Mouratidis, H.; Giorgini, P.: Secure Tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(02), 285\u2013309 (2007)","journal-title":"Int. J. Softw. Eng. Knowl. Eng."},{"issue":"1","key":"4067_CR73","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1007\/978-3-642-04879-1_2","volume":"4324","author":"H Mouratidis","year":"2009","unstructured":"Mouratidis, H.; Giorgini, P.: Enhancing secure tropos to effectively deal with security requirements in the development of multiagent systems. Saf. Secur. Multiagent Syst. 4324(1), 8\u201326 (2009)","journal-title":"Saf. Secur. Multiagent Syst."},{"key":"4067_CR74","doi-asserted-by":"crossref","unstructured":"Oueslati, H.; Rahman, M.M.; ben Othmane, L.: Literature review of the challenges of developing secure software using the Agile approach. In: Proceedings of the 10th International Conference on Availability, Reliability and Security(ARES), Toulouse, France, pp. 540\u2013547. IEEE Computer Society (2015)","DOI":"10.1109\/ARES.2015.69"},{"key":"4067_CR75","unstructured":"Pavlidis, M.; Islam, S.: SecTro: A CASE tool for modelling security in requirements engineering using Secure Tropos. In: CAiSE Forum, pp. 89\u201396 (2011)"},{"key":"4067_CR76","doi-asserted-by":"crossref","unstructured":"Pavlidis, M.; Mouratidis, H.; Panaousis, E.; Argyropoulos, N.: Selecting security mechanisms in Secure Tropos. In: International Conference on Trust and Privacy in Digital Business, pp. 99\u2013114. Springer, New York (2017)","DOI":"10.1007\/978-3-319-64483-7_7"},{"key":"4067_CR77","unstructured":"Peeters, J.: Agile security requirements engineering. In: Proceedings of the Symposium on Requirements Engineering for Information Security, pp. 1\u20134. IEEE Computer Society, Paris, France (2005)"},{"key":"4067_CR78","doi-asserted-by":"crossref","unstructured":"Poonia, A.S.; Banerjee, C.; Banerjee, A.; Sharma, S.: Aligning misuse case oriented quality requirements metrics with machine learning approach. In: Soft Computing: Theories and Applications, pp. 687\u2013692. Springer, New York (2019)","DOI":"10.1007\/978-981-13-0589-4_64"},{"issue":"7","key":"4067_CR79","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1145\/792704.792706","volume":"46","author":"J Rees","year":"2003","unstructured":"Rees, J.; Bandyopadhayay, S.; Spafford, E.H.: PFIRES: a policy framework for information security. Commun. ACM 46(7), 101\u2013106 (2003)","journal-title":"Commun. ACM"},{"issue":"3","key":"4067_CR80","doi-asserted-by":"publisher","first-page":"65","DOI":"10.3390\/technologies6030065","volume":"6","author":"S Rehman","year":"2018","unstructured":"Rehman, S.; Gruhn, V.: An effective security requirements engineering framework for cyber-physical systems. Technologies 6(3), 65 (2018)","journal-title":"Technologies"},{"key":"4067_CR81","doi-asserted-by":"crossref","unstructured":"Riaz, M.; Stallings, J.; Singh, M.P.; Slankas, J.; Williams, L.: DIGS: a framework for discovering goals for security requirements engineering. In: Proceedings of the 10th ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement, p.\u00a035. ACM (2016)","DOI":"10.1145\/2961111.2962599"},{"key":"4067_CR82","doi-asserted-by":"crossref","unstructured":"Rrenja, A.; Matulevi\u010dius, R.: Pattern-based security requirements derivation from Secure Tropos models. In: IFIP Working Conference on The Practice of Enterprise Modeling, pp. 59\u201374. Springer, New York (2015)","DOI":"10.1007\/978-3-319-25897-3_5"},{"key":"4067_CR83","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1016\/j.infsof.2015.05.002","volume":"66","author":"F Saleh","year":"2015","unstructured":"Saleh, F.; El-Attar, M.: A scientific evaluation of the misuse case diagrams visual syntax. Inf. Softw. Technol. 66, 73\u201396 (2015)","journal-title":"Inf. Softw. Technol."},{"key":"4067_CR84","doi-asserted-by":"crossref","unstructured":"Salini, P.; Kanmani, S.: Application of model oriented security requirements engineering framework for secure e-voting. In: 2012 CSI Sixth International Conference on Software Engineering (CONSEG), pp. 1\u20136. IEEE (2012a)","DOI":"10.1109\/CONSEG.2012.6349489"},{"key":"4067_CR85","doi-asserted-by":"crossref","unstructured":"Salini, P.; Kanmani, S.: Elicitation of security requirements for e-health system by applying model oriented security requirements engineering (MOSRE) framework. In: Proceedings of the Second International Conference on Computational Science, Engineering and Information Technology, pp. 126\u2013131. ACM (2012b)","DOI":"10.1145\/2393216.2393238"},{"key":"4067_CR86","doi-asserted-by":"publisher","first-page":"2799","DOI":"10.1016\/j.proeng.2012.06.328","volume":"38","author":"P Salini","year":"2012","unstructured":"Salini, P.; Kanmani, S.: Security requirements engineering process for web applications. Procedia Eng. 38, 2799\u20132807 (2012c)","journal-title":"Procedia Eng."},{"issue":"3","key":"4067_CR87","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/s10207-015-0305-x","volume":"15","author":"P Salini","year":"2016","unstructured":"Salini, P.; Kanmani, S.: Effectiveness and performance analysis of model-oriented security requirements engineering to elicit security requirements: a systematic solution for developing secure software systems. Int. J. Inf. Secur. 15(3), 319\u2013334 (2016)","journal-title":"Int. J. Inf. Secur."},{"issue":"3","key":"4067_CR88","first-page":"435","volume":"15","author":"P Salini","year":"2018","unstructured":"Salini, P.; Kanmani, S.: Performance analysis of security requirements engineering framework by measuring the vulnerabilities. Int. Arab J. Inf. Technol. 15(3), 435\u2013444 (2018)","journal-title":"Int. Arab J. Inf. Technol."},{"issue":"Preprint","key":"4067_CR89","first-page":"1","volume":"1","author":"S Salva","year":"2019","unstructured":"Salva, S.; Regainia, L.: A catalogue associating security patterns and attack steps to design secure applications. J. Comput. Secur. 1(Preprint), 1\u201326 (2019)","journal-title":"J. Comput. Secur."},{"issue":"2","key":"4067_CR90","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/s00766-013-0195-2","volume":"20","author":"R Scandariato","year":"2015","unstructured":"Scandariato, R.; Wuyts, K.; Joosen, W.: A descriptive study of Microsoft\u2019s threat modeling technique. Requir. Eng. 20(2), 163\u2013180 (2015)","journal-title":"Requir. Eng."},{"key":"4067_CR91","doi-asserted-by":"crossref","unstructured":"Schmidt, H.: Threat and risk-analysis during early security requirements engineering. In: Proceedings of the 5th International Conference on Availability, Reliability and Security (ARES), Krakow, Poland, pp. 188\u2013195. IEEE Computer Society (2010)","DOI":"10.1109\/ARES.2010.14"},{"key":"4067_CR92","volume-title":"Security Engineering with Patterns: Origins, Theoretical Models, and New Applications","author":"M Schumacher","year":"2001","unstructured":"Schumacher, M.: Security Engineering with Patterns: Origins, Theoretical Models, and New Applications. Springer, New York (2001)"},{"key":"4067_CR93","unstructured":"Shostack, A.: Experiences threat modeling at Microsoft. In: Proceedings of the 1st International Modeling Security Workshop(MODSEC), Lancaster, UK, pp. 1\u201311. Springer (2008)"},{"key":"4067_CR94","unstructured":"Sindre, G.; Firesmith, D.G.; Opdahl, A.L.: A reuse-based approach to determining security requirements. In: Proceedings of the 9th International Workshop on Requirements Engineering: Foundation for Software Quality(REFSQ), Velden, Austria, pp. 127\u2013136. Springer, New York (2003)"},{"key":"4067_CR95","unstructured":"Sindre, G.; Opdahl, A.L.: Capturing security requirements through misuse cases. In: Proceedings of the 14th Norwegian Informatics Conference (NIK), Tromso, Norway, pp. 1\u201312. Academic Press, London (2001)"},{"issue":"1","key":"4067_CR96","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/s00766-004-0194-4","volume":"10","author":"G Sindre","year":"2005","unstructured":"Sindre, G.; Opdahl, A.L.: Eliciting security requirements with misuse cases. Requir. Eng. 10(1), 34\u201344 (2005)","journal-title":"Requir. Eng."},{"issue":"2","key":"4067_CR97","first-page":"3","volume":"4","author":"G Sindre","year":"2008","unstructured":"Sindre, G.; Opdahl, A.L.: Misuse cases for identifying system dependability threats. J. Inf. Priv. Secur. 4(2), 3\u201322 (2008)","journal-title":"J. Inf. Priv. Secur."},{"key":"4067_CR98","doi-asserted-by":"crossref","unstructured":"Singhal, A.: Development of Agile security framework using a hybrid technique for requirements elicitation. In: Advances in Computing, Communication and Control, pp. 178\u2013188. Springer, New York (2011)","DOI":"10.1007\/978-3-642-18440-6_22"},{"issue":"2","key":"4067_CR99","first-page":"1283","volume":"5","author":"AS Sonia","year":"2014","unstructured":"Sonia, A.S.; Balwani, J.: Analysing security and software requirements using multi-layered iterative model. Int. J. Comput. Sci. Inf. Technol. (IJCSIT) 5(2), 1283\u20131287 (2014)","journal-title":"Int. J. Comput. Sci. Inf. Technol. (IJCSIT)"},{"key":"4067_CR100","doi-asserted-by":"crossref","unstructured":"Soomro, I.; Ahmed, N.: Towards security risk-oriented misuse cases. In: Proceedings of the 10th International Conference on Business Process Management, Tallinn, Estonia, pp. 689\u2013700. Springer, New York (2012)","DOI":"10.1007\/978-3-642-36285-9_68"},{"key":"4067_CR101","doi-asserted-by":"crossref","unstructured":"Souag, A.; Salinesi, C.; Mazo, R.; Comyn-Wattiau, I.: A security ontology for security requirements elicitation. In: International Symposium on Engineering Secure Software and Systems, pp. 157\u2013177. Springer, New York (2015)","DOI":"10.1007\/978-3-319-15618-7_13"},{"issue":"3","key":"4067_CR102","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/s00766-012-0153-4","volume":"18","author":"H Suleiman","year":"2013","unstructured":"Suleiman, H.; Svetinovic, D.: Evaluating the effectiveness of the security quality requirements engineering (SQUARE) method: a case study using smart grid advanced metering infrastructure. Requir. Eng. 18(3), 251\u2013279 (2013)","journal-title":"Requir. Eng."},{"issue":"4","key":"4067_CR103","first-page":"1","volume":"29","author":"A Susi","year":"2005","unstructured":"Susi, A.; Perini, A.; Mylopoulos, J.; Giorgini, P.: The Tropos metamodel and its use. Informatica 29(4), 1\u20138 (2005)","journal-title":"Informatica"},{"issue":"2","key":"4067_CR104","first-page":"119","volume":"41","author":"JL Velasco","year":"2009","unstructured":"Velasco, J.L.; Valencia-Garc\u00eda, R.; Fern\u00e1ndez-Breis, J.T.; Toval, A.; et al.: Modelling reusable security requirements based on an ontology framework. J. Res. Pract. Inf. Technol. 41(2), 119 (2009)","journal-title":"J. Res. Pract. Inf. Technol."},{"issue":"4","key":"4067_CR105","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1082983.1083207","volume":"30","author":"J Viega","year":"2005","unstructured":"Viega, J.: Building security requirements with CLASP. SIGSOFT Softw. Eng. Not. 30(4), 1\u20137 (2005)","journal-title":"SIGSOFT Softw. Eng. Not."},{"key":"4067_CR106","doi-asserted-by":"crossref","unstructured":"Wang, W.; Gupta, A.; Niu, N.: Mining security requirements from common vulnerabilities and exposures for Agile projects. In: 2018 IEEE 1st International Workshop on Quality Requirements in Agile Projects (QuaRAP), pp. 6\u20139. IEEE (2018)","DOI":"10.1109\/QuaRAP.2018.00007"},{"key":"4067_CR107","doi-asserted-by":"crossref","unstructured":"Williams, I.: An ontology based collaborative recommender system for security requirements elicitation. In: 2018 IEEE 26th International Requirements Engineering Conference (RE), pp. 448\u2013453. IEEE (2018)","DOI":"10.1109\/RE.2018.00060"},{"key":"4067_CR108","doi-asserted-by":"crossref","unstructured":"Wirtz, R.; Heisel, M.: A systematic method to describe and identify security threats based on functional requirements. In: International Conference on Risks and Security of Internet and Systems, Vol. 11391, pp. 205\u2013221. Springer, New York (2019)","DOI":"10.1007\/978-3-030-12143-3_17"}],"container-title":["Arabian Journal for Science and Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s13369-019-04067-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s13369-019-04067-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s13369-019-04067-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,8,4]],"date-time":"2020-08-04T23:21:37Z","timestamp":1596583297000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s13369-019-04067-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,8,6]]},"references-count":108,"journal-issue":{"issue":"11","published-print":{"date-parts":[[2019,11]]}},"alternative-id":["4067"],"URL":"https:\/\/doi.org\/10.1007\/s13369-019-04067-3","relation":{},"ISSN":["2193-567X","2191-4281"],"issn-type":[{"value":"2193-567X","type":"print"},{"value":"2191-4281","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,8,6]]},"assertion":[{"value":"19 April 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 July 2019","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"6 August 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}