Software Security Requirement Engineering for Risk and Compliance Management

Abstract

The objective of the research work is to propose a software based security requirement engineering model using categorical and morphisms theory. The earlier security requirement engineering models focus different viewpoints on parallel processing and develop rewrite based knowledge centred models but does not include different functional mappings between the security objects to select the best strategy. The security models have not considered the needed security functions that are to be implemented in different environments with different levels of executions. The proposed requirement engineering model is based on the formal theory of category of objects and the morphisms between them in addition to n categories and multiple morphisms that were used to organize the security requirement functional objects of different categories. The on demand security requirement objects, morphisms and the uncertain events in any one of the subsystems are considered to manage this security requirement category as an algebraic data types. The collection of security requirement objects using classification and clustering techniques are implicitly applied by the formation of category and morphism. The risk and compliances both in the form of direct and indirect categories are mapped so as to provide a security assurance functors with minimum risk on the requirements to the next design state. An ‘n’ category and ‘n’ morphic model for software security requirement model is proposed towards for minimum security risks through efficient compliance management techniques.