Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems
We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment
aimed at fostering the collaboration between system designers and security
experts at all methodological stages of the development of an embedded system.
A central issue in the design of an embedded system is the definition of the
hardware/software partitioning of the architecture of the system, which should
take place as early as possible. SysML-Sec aims to extend the relevance of this
analysis through the integration of security requirements and threats. In
particular, we propose an agile methodology whose aim is to assess early on the
impact of the security requirements and of the security mechanisms designed to
satisfy them over the safety of the system. Security concerns are captured in a
component-centric manner through existing SysML diagrams with only minimal
extensions. After the requirements captured are derived into security and
cryptographic mechanisms, security properties can be formally verified over
this design. To perform the latter, model transformation techniques are
implemented in the SysML-Sec toolchain in order to derive a ProVerif
specification from the SysML models. An automotive firmware flashing procedure
serves as a guiding example throughout our presentation.
Comment: In Proceedings GraMSec 2014, arXiv:1404.163
A requirements engineering framework for integrated systems development for the construction industry
Computer Integrated Construction (CIC) systems are computer environments through which
collaborative working can be undertaken. Although many CIC systems have been developed to demonstrate the
communication and collaboration within the construction projects, the uptake of CICs by the industry is still
inadequate. This is mainly due to the fact that research methodologies of the CIC development projects are
incomplete to bridge the technology transfer gap. Therefore, defining comprehensive methodologies for the
development of these systems and their effective implementation on real construction projects is vital.
Requirements Engineering (RE) can contribute to the effective uptake of these systems because it drives the
systems development for the targeted audience. This paper proposes a requirements engineering approach for
industry driven CIC systems development. While some CIC systems are investigated to build a broad and deep
contextual knowledge in the area, the EU funded research project, DIVERCITY (Distributed Virtual Workspace
for Enhancing Communication within the Construction Industry), is analysed as the main case study project
because its requirements engineering approach has the potential to determine a framework for the adaptation of
requirements engineering in order to contribute towards the uptake of CIC systems.
An Adaptive Design Methodology for Reduction of Product Development Risk
Embedded systems' interaction with their environment inherently complicates the
understanding of requirements and their correct implementation. However,
product uncertainty is highest during the early stages of development. Design
verification is an essential step in the development of any system, especially
for embedded systems. This paper introduces a novel adaptive design methodology,
which incorporates step-wise prototyping and verification. With each adaptive
step the product-realization level is enhanced while the level of
product uncertainty decreases, thereby reducing the overall costs. The backbone of this
framework is the development of a Domain Specific Operational (DOP) Model and
the associated Verification Instrumentation for Test and Evaluation, developed
based on the DOP model. Together they generate functionally valid test sequences
for carrying out prototype evaluation. With the help of a case study, 'Multimode
Detection Subsystem', the application of this method is sketched. The design
methodologies can be compared by defining and computing a generic performance
criterion like Average design-cycle Risk. For the case study, by computing
Average design-cycle Risk, it is shown that the adaptive method reduces the
product development risk for a small increase in the total design cycle time.
Comment: 21 pages, 9 figure
Iterative criteria-based approach to engineering the requirements of software development methodologies
Software engineering endeavours are typically based on and governed by the requirements of the target software; requirements identification is therefore an integral part of software development methodologies. Similarly, engineering a software development methodology (SDM) involves the identification of the requirements of the target methodology. Methodology engineering approaches pay special attention to this issue; however, they make little use of existing methodologies as sources of insight into methodology requirements. The authors propose an iterative method for eliciting and specifying the requirements of an SDM using existing methodologies as supplementary resources. The method is performed as the analysis phase of a methodology engineering process aimed at the ultimate design and implementation of a target methodology. An initial set of requirements is first identified through analysing the characteristics of the development situation at hand and/or via delineating the general features desirable in the target methodology. These initial requirements are used as evaluation criteria, refined through iterative application to a select set of relevant methodologies. The finalised criteria highlight the qualities that the target methodology is expected to possess, and are therefore used as a basis for defining the final set of requirements. In an example, the authors demonstrate how the proposed elicitation process can be used for identifying the requirements of a general object-oriented SDM. Owing to its basis in knowledge gained from existing methodologies and practices, the proposed method can help methodology engineers produce a set of requirements that is not only more complete in span, but also more concrete and rigorous.
Trace++: A Traceability Approach for Agile Software Engineering
Agile methodologies have been introduced as an alternative to traditional software engineering methodologies. However, despite the advantages of using agile methodologies, the transition between traditional and agile methodologies is not an easy task. There are several problems associated with the use of agile methodologies. Examples of these problems are related to (i) lack of metrics to measure the amount of rework that occurs per sprint, (ii) interruption of a project after several iterations, (iii) changes in the requirements, (iv) lack of documentation, and (v) lack of management control. In this paper we present Trace++, a traceability technique that extends traditional traceability relationships with extra information in order to support the transition between traditional and agile software development. The use of Trace++ has been evaluated in two real projects of different software development companies to measure the benefits of using Trace++ to support agile software development.
Incorporating Agile with MDA Case Study: Online Polling System
Nowadays agile software development is used to a greater extent, but only by small
organizations, whereas MDA is suitable for large organizations but is not yet
standardized. In this paper the pros and cons of Model Driven Architecture
(MDA) and Extreme Programming have been discussed. As both of them have some
limitations and cannot be used in both large-scale and small-scale
organizations, a new architecture has been proposed. In this model we try
to adopt the advantages and important values of both software development procedures in order to overcome their limitations.
In support of the proposed architecture,
its implementation on an Online Polling System has been discussed and all
the phases of software development have been explained.
Comment: 14 pages,1 Figure,1 Tabl
Model-Based Security Testing
Security testing aims at validating software system requirements related to
security properties like confidentiality, integrity, authentication,
authorization, availability, and non-repudiation. Although security testing
techniques have been available for many years, there have been few approaches that
allow for the specification of test cases at a higher level of abstraction, for
enabling guidance on test identification and specification, as well as for
automated test generation.
Model-based security testing (MBST) is a relatively new field and especially
dedicated to the systematic and efficient specification and documentation of
security test objectives, security test cases and test suites, as well as to
their automated or semi-automated generation. In particular, the combination of
security modelling and test generation approaches is still a challenge in
research and of high interest for industrial applications. MBST includes e.g.
security functional testing, model-based fuzzing, risk- and threat-oriented
testing, and the usage of security test patterns. This paper provides a survey
on MBST techniques and the related models as well as samples of new methods and
tools that are under development in the European ITEA2-project DIAMONDS.
Comment: In Proceedings MBT 2012, arXiv:1202.582