1 Multi Layer Security Requirements Elicitation Approach to Improve the Quality of Application Security
Guide: Dr. Snehanshu Saha, Professor, PESIT South Campus
Research Centre: Department of CSE, PESIT-South Campus, Bangalore-560100
University: VTU
Branch: CSE
2-8-2015
Intended Date of Ph.D Thesis Submission – Third week of August 2015

2 Reputed Journal Publications
Journal 1: “The Need for Measuring the Quality of Application Security”, published by American Society for Quality (ASQ) Journal, Software Quality Professional, Volume 17, Issue 2, March 2015.
Journal 2: “Application Security Risk: Assessment and Quantification”, accepted for publication by ISACA Journal (Scopus Index) in Volume 15, Issue 5.
Journal 3: “Vulnerability Detection in Security Requirements: Design Thinking and Binarization Based Approach”, under minor revisions by Crosstalk, US Defense Journal.
Journal 4: “A Prolog to Application Resiliency: Generation of Attack Resilient Security Requirements” (manuscript under review by Journal).
Journal 5: “Classification, Prioritization and Refinement of Security Requirements: Affinity and Tree Diagram Based Approach” (manuscript under review by Journal).

3 Introduction
[Figure: layers Data, Apps, S/W, Network; Unauthorized or Authorized access; Traditional Focus versus Needed Focus; Threat]
Attack: Objectives & Impact
Objectives:
Market Manipulation
Strategic Advantage In National Defense
Economic Advantage In Industry
Competitive position In Business Negotiations
Damage To Critical infrastructure
Politically Driven Cause
Impact of security breach:
Cost of recovery and lost productivity
Loss of data
Impact on consumer confidence
Legal risks
Data Leakage, Reputation Damage
Regulatory Complications

4 Our Approach

5 Quality of Application Security Intending to file for US patent

6 Application Security Risk: Assessment and Modeling Application Security Risk Metric(ASRM)

7 Security Requirements the Base to Enhance QAS: Classification, Prioritization, Refinement and Elicitation of Resilient Security Requirements Affinity and Tree Diagram concept

8 Vulnerability Detection in Security Requirements Design Thinking Binarization Bayesian model Risk reduction

9 Research Outcome
Concept of Quality of Application Security (QAS).
A metric to measure it.
Assessment and measurement of application security risk.
Security requirements a potential base to enhance the quality of application security and to reduce the risk associated with security.
The concept of dynamic attack resilient security requirements.
Application risk-centric classification and prioritization of security requirements.
Application of affinity and tree diagram concept to refine SR from high level to implementation level.
Concept and formation of application specific Security Requirements Attributes (SRA).
Application of Design Thinking and Binarization process to detect vulnerabilities in SR.
Vulnerability removal in security requirements phases through conversion of vulnerable SR into Non-Vulnerable SR.
Bayes Model for Vulnerability Detection in SR.
Conditional Risk:
$R(\alpha_1 \mid x) = \lambda_{11} P(\omega_1 \mid x) + \lambda_{12} P(\omega_2 \mid x)$
$R(\alpha_2 \mid x) = \lambda_{21} P(\omega_1 \mid x) + \lambda_{22} P(\omega_2 \mid x)$

10 International Conference Publications
A Comprehensive Analysis of Factors Influencing Quality of Requirements. Lecture Notes on Software Engineering, [40] LNSE 2013 Vol.1(2): 199-203 ISSN: 2301-3559 DOI: 10.7763/LNSE.2013.V1.45. Available at the link: http://www.lnse.org/list-23-1.html. Indexed in EI (INSPEC, IET), DOAJ, Electronic Journals Library, Engineering & Technology Digital Library, Ulrich's Periodicals Directory, International Computer Science Digital Library (ICSDL), ProQuest and Google Scholar.
Software Process Improvement Customization: 3D Flex Model. [41] International Journal of Engineering Research and Technology LNSE (Vol. 2, No. 11 (November-2013)). ESSA Publications.
“Customization Of Quality Models In Software Projects To Enhance The Business Value” [42]. In Advance Computing Conference (IACC), 2013 IEEE 3rd International (pp. 1479-1485). Indexed in IEEE Explorer. Citation: This publication is cited by Albeladi, K. S., Khan, U. A., & Khan, P. M. (2014, March). “Driving business value through an effective IT strategy development”. In Computing for Sustainable Global Development (INDIACom), 2014 International Conference on (pp. 561-563). IEEE.
“Impact Analysis of Volatility and Security on Requirements during Software Development Process” [43] International Conference on Software Engineering and Mobile Application Modeling and Development (ICSEMA) 2012, 19th – 21st December, Chennai, India. Indexed in IEEE Explorer and IET Digital Library.
"Affinity and Tree Diagrams: A Practical Approach to Control Requirement Volatility in Software Projects" [44] appeared in the international conference CARET 2013 and indexed in Search Digital Library.

11 International Conference Publications
“Optimization Of Conventional Bench Through Virtual Bench Concept” appeared in International conference CSAE2012 held in Pune, India. Indexed in Springer digital library. DOI: http://www.springerlink.com/content/t415ku2056661515/
"Quality Attribute Focused Multilayer Requirement Elicitation: Judicious Approach to Drive Business Value" [46] appeared in ICACCI, an international Conference held in August 13. Indexed in IEEE. Citation: This paper is cited by García-Mireles, G. A., Moraga, M. Á., García, F., & Piattini, M. (2015). Approaches to promoting product quality within software process improvement initiatives: A mapping study. Journal of Systems and Software, 103, 150-166.
"Multilayer Security Requirements Model: Effective Collaboration Of Industry Compliance With Application Security In IT Enterprises" appeared in the international conference ICRDPET-2013.
"Ability based domain specific training: A pragmatic solution to poor requirement engineering in CMM level 5 companies" [48] appeared in International conference CSAE2012 held in China. Indexed in IEEE. DOI: 10.1109/CSAE.2012.6272993

