2,023 research outputs found

    A framework for security requirements engineering

    This paper presents a framework for security requirements elicitation and analysis, based upon the construction of a context for the system and satisfaction arguments for the security of the system. One starts with enumeration of security goals based on assets in the system. These goals are used to derive security requirements in the form of constraints. The system context is described using a problem-centered notation, then this context is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument is in two parts: a formal argument that the system can meet its security requirements, and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context, or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems

    Requirements Engineering in the Development Process of Web Systems: A Systematic Literature Review

    Requirements Engineering (RE) is the first phase in the software development process during which designers attempt to fully satisfy users’ needs. Web Engineering (WE) methods should consider adapting RE to the Web’s large and diverse user groups. The objective of this work is to classify the literature with regard to the RE applied in WE in order to obtain the current “state-of-the-art”. The present work is based on the Systematic Literature Review (SLR) method proposed by Kitchenham; we have reviewed publications from ACM, IEEE, Science Direct, DBLP and World Wide Web. From a population of 3059 papers, we identified 14 primary studies, which provide information concerning RE when used in WE methods. This work has been partially supported by the Programa de Fomento y Apoyo a Proyectos de Investigación (PROFAPI) from the Universidad Autónoma de Sinaloa (México), and the MANTRA project (GRE09-17) from the University of Alicante, Spain, and GV/2011/035 from the Valencia Government

    Adaptable software reuse: binding time aware modelling language to support variations of feature binding time in software product line engineering

    Software product line engineering (SPLE) is a paradigm for developing a family of software products from the same reusable assets rather than developing individual products from scratch. In many SPLE approaches, a feature is often used as the key abstraction to distinguish between the members of the product family. Thus, the sets of products in the product line are said to have ’common’ features and differ in ’variable’ features. Consequently, reusable assets are developed with variation points where variant features may be bound for each of the diverse products. Emerging deployment environments and market segments have been fuelling demands for adaptable reusable assets to support additional variations that may be required to increase the usage-context of the products of a product line. Similarly, feature binding time - when a feature is included in a product and made available for use - may vary between the products because of uncertain market conditions or diverse deployment environments. Hence, variations of feature binding time should also be supported to cover the wide-range of usage-contexts. Through the execution of action research, this thesis has established the following: Language-based implementation techniques, that are specifically proposed to implement variations in the form of features, have better modularity but are not better than the existing classical technique in terms of modifiability and do not support variations in feature binding time. 
Similarly, through a systematic literature review, this thesis has established the following: The different engineering approaches that are proposed to support variations of feature binding time are limited in one of the following ways: a feature may have to be represented/implemented multiple time, each for a specific binding time; The support is only to execution context and therefore limited in scope; The support focuses on too fine-grained model elements or too low-level of abstraction at source-codes. Given the limitations of the existing approaches, this thesis presents binding time aware modelling language that supports variations of feature binding time by design and improves the modifiability of reusable assets of a product line

    An engineering process for security patterns application in component based models

    Security engineering with patterns is currently a very active area of research. Security patterns - an adaptation of Design Patterns to security - capture experts' experience in order to solve recurrent security problems in a structured and reusable way. In this paper, our objective is to describe an engineering process, called SCRIP (SeCurity patteRn Integration Process), which provides guidelines for integrating security patterns into component-based models. SCRIP defines activities and products to integrate security patterns in the whole development process, from UML component modeling until aspect code generation. The definition of SCRIP has been made using the OMG standard Software and System Process Engineering Meta-model (SPEM). We are developing a CASE tool to support that process

    Management of quality requirements in agile and rapid software development: A systematic mapping study

    Context: Quality requirements (QRs) describe the desired quality of software, and they play an important role in the success of software projects. In agile software development (ASD), QRs are often ill-defined and not well addressed due to the focus on quickly delivering functionality. Rapid software development (RSD) approaches (e.g., continuous delivery and continuous deployment), which shorten delivery times, are more prone to neglect QRs. Despite the significance of QRs in both ASD and RSD, there is limited synthesized knowledge on their management in those approaches. Objective: This study aims to synthesize state-of-the-art knowledge about QR management in ASD and RSD, focusing on three aspects: bibliometric, strategies, and challenges. Research method: Using a systematic mapping study with a snowballing search strategy, we identified and structured the literature on QR management in ASD and RSD. Results: We found 156 primary studies: 106 are empirical studies, 16 are experience reports, and 34 are theoretical studies. Security and performance were the most commonly reported QR types. We identified various QR management strategies: 74 practices, 43 methods, 13 models, 12 frameworks, 11 advices, 10 tools, and 7 guidelines. Additionally, we identified 18 categories and 4 non-recurring challenges of managing QRs. The limited ability of ASD to handle QRs, time constraints due to short iteration cycles, limitations regarding the testing of QRs and neglect of QRs were the top categories of challenges. Conclusion: Management of QRs is significant in ASD and is becoming important in RSD. This study identified research gaps, such as the need for more tools and guidelines, lightweight QR management strategies that fit short iteration cycles, investigations of the link between QRs challenges and technical debt, and extension of empirical validation of existing strategies to a wider context. 
It also synthesizes QR management strategies and challenges, which may be useful for practitioners. Peer Reviewed. Postprint (author's final draft)

    Requirements Engineering

    Requirements Engineering (RE) aims to ensure that systems meet the needs of their stakeholders including users, sponsors, and customers. Often considered as one of the earliest activities in software engineering, it has developed into a set of activities that touch almost every step of the software development process. In this chapter, we reflect on how the need for RE was first recognised and how its foundational concepts were developed. We present the seminal papers on four main activities of the RE process, namely (i) elicitation, (ii) modelling & analysis, (iii) assurance, and (iv) management & evolution. We also discuss some current research challenges in the area, including security requirements engineering as well as RE for mobile and ubiquitous computing. Finally, we identify some open challenges and research gaps that require further exploration

    Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

    We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation. Comment: In Proceedings GraMSec 2014, arXiv:1404.163

    Early aspects: aspect-oriented requirements engineering and architecture design

    This paper reports on the third Early Aspects: Aspect-Oriented Requirements Engineering and Architecture Design Workshop, which was held in Lancaster, UK, on March 21, 2004. The workshop included a presentation session and working sessions in which the particular topics on early aspects were discussed. The primary goal of the workshop was to focus on challenges to defining methodical software development processes for aspects from early on in the software life cycle and explore the potential of proposed methods and techniques to scale up to industrial applications