3,872 research outputs found

    A POS Tagging Approach to Capture Security Requirements within an Agile Software Development Process

    Software use is an inescapable reality. Computer systems are embedded into devices from the mundane to the complex and significantly impact daily life. Increased use expands the opportunity for malicious use which threatens security and privacy. Factors such as high profile data breaches, rising cost due to security incidents, competitive advantage and pending legislation are driving software developers to integrate security into software development rather than adding security after a product has been developed. Security requirements must be elicited, modeled, analyzed, documented and validated beginning at the initial phases of the software engineering process rather than being added at later stages. However, approaches to developing security requirements have been lacking which presents barriers to security requirements integration during the requirements phase of software development. In particular, software development organizations working within short development lifecycles (often characterized as agile lifecycle) and minimal resources need a light and practical approach to security requirements engineering that can be easily integrated into existing agile processes. In this thesis, we present an approach for eliciting, analyzing, prioritizing and developing security requirements which can be integrated into existing software development lifecycles for small, agile organizations. The approach is based on identifying candidate security goals, categorizing security goals based on security principles, understanding the stakeholder goals to develop preliminary security requirements and prioritizing preliminary security requirements. The identification activity consists of part of speech (POS) tagging of requirements related artifacts for security terminology to discover candidate security goals. The categorization activity applies a general security principle to candidate goals. 
    Elicitation activities are undertaken to gain a deeper understanding of the security goals from stakeholders. Elicited goals are prioritized using risk management techniques and security requirements are developed from validated goals. Security goals may fail the validation activity, requiring further iterations of analysis, elicitation, and prioritization activities until stakeholders are satisfied with or have eliminated the security requirement. Finally, candidate security requirements are output which can be further modeled, defined and validated using other approaches. A security requirements repository is integrated into our proposed approach for future security requirements refinement and reuse. We validate the framework through an industrial case study with a small, agile software development organization.

    Generating natural language specifications from UML class diagrams

    Early phases of software development are known to be problematic, difficult to manage and errors occurring during these phases are expensive to correct. Many systems have been developed to aid the transition from informal Natural Language requirements to semistructured or formal specifications. Furthermore, consistency checking is seen by many software engineers as the solution to reduce the number of errors occurring during the software development life cycle and allow early verification and validation of software systems. However, this is confined to the models developed during analysis and design and fails to include the early Natural Language requirements. This excludes proper user involvement and creates a gap between the original requirements and the updated and modified models and implementations of the system. To improve this process, we propose a system that generates Natural Language specifications from UML class diagrams. We first investigate the variation of the input language used in naming the components of a class diagram based on the study of a large number of examples from the literature and then develop rules for removing ambiguities in the subset of Natural Language used within UML. We use WordNet, a linguistic ontology, to disambiguate the lexical structures of the UML string names and generate semantically sound sentences. Our system is developed in Java and is tested on an independent though academic case study.

    Non-Functional Requirements Elicitation Guideline for Agile Methods

    One of the essential activities in software development is the elicitation of requirements. The majority of studies have pointed out that less attention is given to Non-Functional Requirements (NFRs). The negligence of NFR elicitation is due to lack of knowledge of the user and developer about NFRs. Our study presents elicitation guidelines for NFRs in agile methods. These guidelines will help developers as well as users in agile methods. A case study is conducted on a group of master's students for eliciting NFRs with the help of the elicitation guidelines. In addition, the initial results were obtained by extracting NFRs from an eProcurement document that carries requirements of major European Union projects. The result of the case study is positive and encouraging for new developers and users having less awareness about NFRs. Furthermore, the study describes the role of cloud computing in agile methods, especially in the elicitation activity.

    Requirement engineering of a Cooperative Information System using viewpoints

    In this paper we are interested in cooperative information systems (CIS) in inter-organizational environments. They are information systems on a large scale, which connect different organizations, often autonomous, sharing common goals, forming in this case an inter-organizational system (IOS). In order to develop a CIS, we propose a Vp-CIs approach, which incorporates a notion of software engineering, which are the viewpoints from the needs analysis phase to describe their requirements and needs. This approach defines a meta-model of viewpoint, which enables us to instantiate the viewpoints necessary to identify the needs and requirements of a CIS.