Identifying Potential Security Flaws using Loophole Analysis and the SECREt

Curtis Busby-Earle, Ezra K. Mugisa

Abstract


In contemporary software development there are a number of methods that attempt to ensure the security of a system. Many of these methods are, however, introduced in the latter stages of development or try to address the issues of securing a software system by envisioning possible threats to that system, knowledge that is usually both subjective and esoteric.

In this paper we introduce the concept of path fixation and discuss how contradictory paths or loopholes, discovered during requirements engineering and using only a requirements specification document, can lead to potential security flaws in a proposed system.

The SECREt is a proof-of-concept prototype tool developed to demonstrate the effectiveness of loophole analysis. We discuss how the tool performs a loophole analysis and present the results of tests conducted on an actual specification document. We conclude that loophole analysis is an effective, objective method for the discovery of potential vulnerabilities that exist in proposed systems and that the SECREt can be successfully incorporated into the requirements engineering process.

