ABSTRACT
Security is one essential quality requirement that needs to be addressed during the software development process. While quality requirements such as security are supposed to be the architectural drivers, architecture solutions such as security patterns represent design decisions on the architecture and design levels that in turn might constrain quality requirements significantly. Thus, knowledge which is gained in the solution space, for example from security patterns, should be reflected in requirements engineering to obtain sound architectures and correct requirements. We propose to reuse security patterns in requirements engineering in a systematic manner to equip requirement models with security solution approaches early in the software development process. To this end, we propose problem-oriented security patterns. Each problem-oriented security pattern consists of a three-part graphical pattern representing the functional problem, which describes the functional requirement annotated with a security requirement, the solution to the security requirement, and the composition of them. In addition, we provide a template that captures the effect of applying the security solution on the requirement models.
Index Terms
- Problem-oriented security patterns for requirements engineering