Publikationen

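@comment{
  Knauss2011: normalised for portability between classic BibTeX and biblatex.
  Names are stored as "Last, First"; the umlaut is written as a BibTeX special
  character so the entry also sorts/labels correctly under 8-bit BibTeX. The
  abstract no longer carries HTML tags (LaTeX would typeset "<b>" literally)
  and its bare "&" is escaped. Per-letter title braces were dropped so the
  style decides the casing; the REFSQ acronym is protected in booktitle.
  pages/volume/doi are not recorded here -- add them when known.
}
@inproceedings{Knauss2011,
  author    = {Knauss, Eric and Houmb, Siv and Schneider, Kurt and Islam, Shareeful
               and J{\"u}rjens, Jan},
  title     = {Supporting Requirements Engineers in Recognising Security Issues},
  booktitle = {Proceedings of the 17th International Working Conference on Requirements
               Engineering: Foundation for Software Quality ({REFSQ} '11)},
  year      = {2011},
  editor    = {Berry, Daniel and Franch, Xavier},
  series    = {Lecture Notes in Computer Science},
  address   = {Essen, Germany},
  publisher = {Springer},
  abstract  = {Context \& motivation: More and more software projects today
               are security-related in one way or the other. Many environments are
               initially not considered security-related and no security experts
               are assigned. Requirements engineers often fail to recognise indicators
               for security problems. Question/problem: Ignoring security
               issues early in a project is a major source of recurring security
               problems in practice. Identifying security-relevant requirements
               is labour-intensive and error-prone. Security may be neglected in
               order to finish on time and in budget. Principal ideas/results:
               In this paper, we address this problem by presenting a tool-supported
               method that provides assistance for requirements engineering, with
               an emphasis on security requirements. We investigate whether security-relevant
               requirements can be automatically identified using a Bayesian classifier.
               Our results indicate that this is feasible, in particular if the
               classifier is trained with domain specific data and documents from
               previous projects. Contribution: We show how the ability to
               identify security-relevant requirements can be integrated in a workflow
               of requirements analysis and reuse of experience. In practice, this
               can increase security awareness within the software development process.
               We discuss limitations and potential of this approach.},
}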