Applying tropos to socio-technical system design and runtime configuration

Recent trends in Software Engineering have introduced the importance of reconsidering the traditional idea of software design as a socio-tecnical problem, where human agents are integral part of the system along with hardware and software components. Design and runtime support for Socio-Technical Systems (STSs) requires appropriate modeling techniques and non-traditional infrastructures. Agent-oriented software methodologies are natural solutions to the development of STSs, both humans and technical components are conceptualized and analyzed as part of the same system. In this paper, we illustrate a number of Tropos features that we believe fundamental to support the development and runtime reconfiguration of STSs. Particularly, we focus on two critical design issues: risk analysis and location variability. We show how they are integrated and used into a planning-based approach to support the designer in evaluating and choosing the best design alternative. Finally, we present a generic framework to develop self-reconfigurable STSs

A Semi-Automatic Approach for Eliciting Cloud Security and Privacy Requirements

Cloud computing provides a wide range of services to organisations in a flexible and cost efficient manner. Nevertheless, inherent cloud security issues make organisations hesitant towards the migration of their services to cloud. In parallel, the cloud service-oriented nature requires a specific and more demanding description of the business functional requirements intended for migration. Organisations need to transform their functional requirements based on a specific language, taking into account the respective non-functional requirements of the migrating services. Thus, the need for an approach that will holistically capture organisations\u27 security and privacy requirements and transform them to cloud service requirements is immense. To this end, this paper presents an approach that takes as input abstract security and privacy requirements and produces through a semi-automatic process various alternative implementation options for cloud services. To achieve that a series of model transformations are utilised in order to create a mapping between the organisational and the operational level of the system\u27s analysis

Evaluation Framework for Software Security Requirements Engineering Tools

Tarkvaraarenduses on nõuded kui süsteemi vundament, mis vastutavad ka ebaõnnestumiste eest. Valed nõuded võivad viia tarkvara eripäradeni, mis tegelikult ei vasta spetsifikatsioonidele. Sel põhjusel peetakse nõuete koostamist kõige keerulisemaks ja olulisemaks sammuks tarkvaraarenduse elutsükli kõikide protsesside jooksul. Tänapäeval, kus küberrünnakud on \n\rtavalised, mängivad turvalisuse nõuded väga olulist rolli tarkvaraarenduse protsessis. On levimas uut tüüpi tööriistad, mille kasutamist peetakse kõige efektiivsemaks meetodiks turvalisusnõuete väljatöötamisel. Lisaks võimaldavad need tööriistad lahendada turvalisusega seotud küsimusi kasutajal endal, hoides märgatavalt kokku inseneride aega. Siiski on nende tööriistade \n\rareng alles algstaadiumis ning neid ei ole tarkvarainseneride poolt massiliselt kasutusele võetud. Põhjus on väga pikas uue tarkvara õppimise ja sellega kohanemise protsessis, mis põhjustab ajakadu arendusprotsessis ning lisab projektile kulusid. Projekti jaoks konkreetse tööriista valimisel võib tutvumine ja katsetamine võtta inseneridel hulgaliselt aega. Lisaks sellele võib struktureerimata valikuprotsess viia vale tööriista kasutuselevõtmisele, mis raiskab omakorda kõigi aega ja pingutusi. Selles uurimuses kavatseme me koostada struktureeritud lähenemise, mis aitab insenere turvaliste tööriistade valimisel. Protsessile kaasaaitamiseks saavad analüütikud ja arhitektid hinnata tarkvara omadusi, mida nad enda seisukohast olulisimateks peavad. Sellest lähtuvalt saavad nad valida kindlate tööriistade vahel ning teha parima valiku. \n\rAntud uurimustöös konstrueeritud lähenemisega on võimalik säästa aega, vaeva ja kulutusi. Uurimuse koostamise käigus uurime me tarkvaraarenduse turvaprotsesse, meetodeid ja tööriistu ning püüame luua raamistikku, mis oleks inseneridele turvalisusnõuete tööriistade hindamisel abiks.In software development requirements are considered as building blocks of software system, which also are considered to be responsible in event of failure. Bad requirements can lead to software features that are not to the specifications. For that reason requirement gathering process is considered as the most sensitive and complicated process among all software engineering lifecycle processes. In current age where cyber-attacks are common security requirements also comes into place and plays a very important role in software development process. In order to elicit security requirements new type of tools are begin to form a shape called security engineering tools which help in eliciting security requirements. That considered being the most efficient way of eliciting security requirements. Moreover these tools empower users with artifacts specifically to cater security needs, which save time and efforts for engineers in return. Nevertheless these tools are still at their infantry and are lacking mass adoption by software security engineers. Reason because these tools have steep learning curve which can add-up to development time and end up pushing more cost to the project. In order to decide which tool to select for a particular project require engineers to use these tools which in return will consume tremendous amount of time. Moreover using unstructured tool selection process can also leads to wrong tool selection which will be the waste of time and efforts. In this research work we are going to construct structured approach which will help engineers in security engineering tool selection process. In order to aid this process analysts and architects will be able to rate the features they want the most in a particular security engineering tool. In return from this process they will be able to choose between security engineering tools and select the best one. Finally using approach constructed in this research work will save time, efforts, and costs. In our approach we will analyze security engineering processes, methods and tools, to construct a framework that will help aid engineers in security engineering tool evaluation process