Security Assurance Requirements Engineering (STARE) for Trustworthy Service Level Agreements

Abstract

With the development of trustworthy services, security requirements are of paramount importance for any service (X-as-a-Service). This work-in-progress paper motivates the need for a new approach to requirements engineering for trustworthy services, which helps organisations to systematically define a set of security requirements and describe these in a service level agreement (SLA). This proposed research aims to provide adequate assurances to users by introducing the concept of the Trustworthy Service Level Agreement (TSLA). The proposed research design involves three stages: The first is to develop an initial method of Security Assurance Requirements Engineering (STARE) by refining the nine Security Quality Requirements Engineering (SQUARE) activities. The key activities of STARE include: eliciting security requirements, classification of security requirements, and developing the novel concept of the TSLA. In the second stage, the effectiveness of STARE is evaluated using two real-world case studies: state cyber defence and lawful interception as a service. Finally, the process of implementing the STARE activities will be evaluated using selected service providers that deliver such services to defence and law enforcement agencies. Given the current state of requirements engineering for services, it is anticipated that this research will have a significant impact in terms of guaranteeing secure and trustworthy services in various domains