Similar literature
1.
Security and requirements engineering are two of the most important factors of success in the development of a software product line (SPL). Goal-driven security requirements engineering approaches, such as Secure Tropos, have been proposed as a suitable paradigm for elicitation of security requirements and their analysis on both a social and a technical dimension. Nevertheless, goal-driven security requirements engineering methodologies are not appropriately tailored to the specific demands of SPL, while on the other hand specific proposals of SPL engineering have traditionally ignored security requirements. This paper presents work that fills this gap by proposing the “SecureTropos-SPL” framework.

2.
Abstract

The information security industry has finally developed and published standards. This article examines each of the ten areas identified in the standards document, ISO 17799, and identifies key points the security professional should address in his or her security program. While there are other standards (BS 7799, ISO/TR 15369), this article concentrates on the recommendations of the International Standard ISO/IEC 17799:2000, “Information Security Management, Code of Practice for Information Security Management.” The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) form a specialized system on worldwide standardization. National bodies that are members of ISO and IEC participate in the development of international standards through technical committees. The United States, through the American National Standards Institute (ANSI), is the secretariat. Twenty-four other nations (Brazil, France, United Kingdom, China, Democratic People's Republic of Korea, Czech Republic, Germany, Denmark, Belgium, Portugal, Japan, Republic of Korea, the Netherlands, Ireland, Norway, South Africa, Australia, Canada, Finland, Sweden, Slovenia, Switzerland, New Zealand, and Italy) have participant status and 40 other nations are observers.

3.
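A Brief Discussion of Software Quality Measurement and Software Product Evaluation (total citations: 2; self-citations: 0; citations by others: 2)
The software quality measurement and software product evaluation series of standards have been one of the research priorities of ISO/IEC JTC1 in the area of software engineering standards in recent years. For measuring and evaluating software products by quantitative means and for regulating software product quality management, these two series of standards provide an implementation path that can be used as a reference. Building on many years of tracking international software engineering standards and drafting national software engineering standards, this paper gives a comprehensive introduction to the ISO/IEC 9126 and ISO/IEC 14598 series issued by ISO/IEC JTC1 in recent years, as well as the ISO/IEC 25000 series of standards currently under development.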

4.
In order to develop security critical Information Systems, specifying security quality requirements is vitally important, although it is a very difficult task. Fortunately, there are several security standards, like the Common Criteria (ISO/IEC 15408), which help us handle security requirements. This article will present a Common Criteria centred and reuse-based process that deals with security requirements at the early stages of software development in a systematic and intuitive way, by providing a security resources repository as well as integrating the Common Criteria into the software lifecycle, so that it unifies the concepts of requirements engineering and security engineering.

5.
Standardization in information security management (total citations: 1; self-citations: 0; citations by others: 1)
The paper describes the state of the art in the standardization in information security management. The requirements to the standards being developed, the types of standards, and the principles to adhere to are discussed. The study is based on the documents adopted within the subcommittee 27 “IT Security techniques” of the joint technical committee ISO/IEC JTC 1 “Information technology”.

6.
The author overviews the international standards developed by SC 27 “IT Security techniques” of the ISO/IEC Joint Technical Committee “Information technologies.” The standards include cryptographic mechanisms, evaluation and testing of products and information systems, countermeasures, and security services. Both published standards and those under development are considered.

7.
In the context of software engineering education, there is a recurrent demand for new approaches and techniques that support the application and transfer of knowledge to real-life situations with the aim of encouraging a more active learning among students. In particular, serious games have recently become an important learning resource for teaching the fundamentals of software process standards at undergraduate level. However, poor effort has been made to create a serious game that supports the teaching of the ISO/IEC/IEEE 29148:2011 Systems and Software Engineering – Lifecycle Processes – Requirements Engineering, an international standard that specifies the required processes that are to be implemented by requirements engineering for systems and software products (including services) throughout the lifecycle. With this in mind, a serious game called “Requengin” has been developed to provide undergraduate students with an interactive learning environment to facilitate the introduction of ISO/IEC/IEEE 29148:2011. The main objective of the game is to strengthen the comprehension and application of the main processes of the standard and some related requirements engineering techniques. Requengin was designed to simulate an academic library where players must apply the requirements engineering processes with the aim of changing the traditional management system by a software system while they receive, at the same time, preliminary training in ISO/IEC/IEEE 29148:2011. The results obtained by empirical evaluation indicate that Requengin could potentially contribute to an improvement in students’ acquisition of knowledge about ISO/IEC/IEEE 29148:2011, while also improving levels of motivation.

8.
This article presents ISO’s most successful information security standard ISO/IEC 27001 together with the other standards in the family of information security standards, the so-called ISO/IEC 2700x family of information security management system (ISMS) standards and guidelines. We shall take a brief look at the history and progress of these standards, where they originated from and how they became the common language of organizations around the world for engaging in business securely. We shall take a tour through the different types of standards that are included in the ISMS family and how they relate and fit together and we will finally conclude with a short presentation of ISMS third party certification. The material used in this article has been derived directly from the many articles and books by Prof. Humphreys on the ISO/IEC 2700x ISMS family and how they are implemented and applied in practice in business, commerce and government sectors.

9.
To support the transformation of system engineering from the project-based development of highly customer-specific solutions to the reuse and customization of ‘system products’, we integrate a process reference model for reuse- and product-oriented industrial engineering and a process reference model extending ISO/IEC 12207 on software life cycle processes with software- and system-level product management. We synthesize the key process elements of both models to enhance ISO/IEC 15288 on system life cycle processes with product- and reuse-oriented engineering and product management practices as an integrated framework for process assessment and improvement in contexts where systems are developed and evolved as products.

10.
Context

There are lots of approaches or methodologies in the Model-Driven Web Engineering (MDWE) context to develop Web Applications without reaching a consensus on the use of standards and scarcity of both, practical experience and tool support.

Objective

Model-Driven Web Engineering (MDWE) methodologies are constantly evolving. Moreover, Quality is a very important factor to identify within a methodology as it defines processes, techniques and artifacts to develop Web Applications. For this reason, when analyzing a methodology, it is not only necessary to evaluate quality, but also to find out how to improve it. The main goal of this paper is to develop a set of Quality Characteristics and Sub-Characteristics for MDWE approaches based on ISO/IEC standards.

Method

From the software products context, some widely standards proposed, such as ISO/IEC 9126 or ISO/IEC 25000, suggest a Quality Model for software products, although up to now, there are no standard methods to assess quality on MDWE methodologies. Such methodologies can be organized into Properties, thus, a methodology has artifacts, processes and techniques. Then, each item is evaluated through a set of appropriate Quality Characteristics, depending on its nature. This paper proposes to evaluate a methodology as a product itself.

Results

This paper recommends a set of Quality Characteristics and Sub-Characteristics based on these standards in order to evaluate MDWE methodologies quality. Additionally, it defines an agile way to relate these Quality Sub-Characteristics to Properties with the sole purpose of not only analyzing, but also assessing and improving MDWE methodologies.

Conclusions

The application of these Quality Characteristics and Sub-Characteristics could promote efficiency in methodologies since this kind of assessment enhances both the understanding of strengths and weaknesses of approaches.

11.

To assure certain critical quality properties (e.g., safety, security, or privacy), supervisory authorities and industrial associations provide reference frameworks such as standards or guidelines that in some cases are enforced (e.g., regulations). Given the pace at which both technical advancements and risks appear, there is an increase in the number of reference frameworks. As several frameworks might apply for same systems, certain overlaps appear (e.g., regulations for different countries where the system will operate, or generic standards in conjunction with more concrete standards for a given industrial sector or system type). We propose the use of modelling for alleviating the complexity of these reference frameworks ecosystems, and we provide a tool-supported method to create them for the benefit of different stakeholders. The case study is based on privacy data protection, and more concretely on privacy impact assessment processes. The European GDPR regulates the movement and processing of personal data, and, contrary to available software engineering privacy guidelines, articles in legal texts are usually difficult to translate to the underlying processes, artefacts and roles that they refer to. To facilitate the mutual comprehension of legal experts and engineers, in this work we investigate how mappings can be created between these two domains of expertise. Notably, we rely on modelling as a central point. We modelled the legal requirements of the GDPR on data protection impact assessments, and then, we selected the ISO/IEC 29134, a mainstream engineering guideline for privacy impact assessment, and, taking a concrete sector as example, the EU Smart Grid Data Protection Impact Assessment template. The OpenCert tool was used for providing technical support to both the modelling and the creation of the mapping models in a systematic way. 
We provide a qualitative evaluation from legal experts and privacy engineering practitioners to report on the benefits and limitations of this approach.


12.

Context

In the long run, features of a software product line (SPL) evolve with respect to changes in stakeholder requirements and system contexts. Neither domain engineering nor requirements engineering handles such co-evolution of requirements and contexts explicitly, making it especially hard to reason about the impact of co-changes in complex scenarios.

Objective

In this paper, we propose a problem-oriented and value-based analysis method for variability evolution analysis. The method takes into account both kinds of changes (requirements and contexts) during the life of an evolving software product line.

Method

The proposed method extends the core requirements engineering ontology with the notions to represent variability-intensive problem decomposition and evolution. On the basis of problem orientation, the analysis method identifies candidate changes, detects influenced features, and evaluates their contributions to the value of the SPL.

Results and Conclusion

The process of applying the analysis method is illustrated using a concrete case study of an evolving enterprise software system, which has confirmed that tracing back to requirements and contextual changes is an effective way to understand the evolution of variability in the software product line.

13.
Software product lines (SPLs) are diverse systems that are developed using a dual engineering process: (a) family engineering defines the commonality and variability among all members of the SPL, and (b) application engineering derives specific products based on the common foundation combined with a variable selection of features. The number of derivable products in an SPL can thus be exponential in the number of features. This inherent complexity poses two main challenges when it comes to modelling: firstly, the formalism used for modelling SPLs needs to be modular and scalable. Secondly, it should ensure that all products behave correctly by providing the ability to analyse and verify complex models efficiently. In this paper, we propose to integrate an established modelling formalism (Petri nets) with the domain of software product line engineering. To this end, we extend Petri nets to Feature Nets. While Petri nets provide a framework for formally modelling and verifying single software systems, Feature Nets offer the same sort of benefits for software product lines. We show how SPLs can be modelled in an incremental, modular fashion using Feature Nets, provide a Feature Nets variant that supports modelling dynamic SPLs, and propose an analysis method for SPL modelled as Feature Nets. By facilitating the construction of a single model that includes the various behaviours exhibited by the products in an SPL, we make a significant step towards efficient and practical quality assurance methods for software product lines.

14.
As security professionals we have a good handle on securing our perimeters, yet security compromises continue to rise. Hackers have found a new attack vector and are successfully exploiting it. Application exploits are to blame for this rise in security compromises and security professionals need to identify and secure the application.

While risk cannot be completely eliminated, a strong Application Security Program can identify and mitigate these risks to a more manageable level. Organizational support, framework selection, and adherence to compliance and regulatory requirements are vital to the success of the program and the security of your applications. If you lack any of these elements the program will fail. There are many frameworks to choose from, so careful consideration must be taken to ensure the right framework is chosen for your organization.

A successful Application Security Program will be fully integrated within the SDLC. It will enable your organization to identify and remediate risks with applications. If implemented and executed effectively it will also meet the requirements for FISMA compliance.

15.
In the late 1980s, traditional standards development organisations (SDOs) were moving toward creating anticipatory standards as a way of coping with the fast growth in new technology in the computing industry. The development of anticipatory standards (standards developed ahead of the technology) was seen as a possible way for the formal standards bodies to keep abreast of these rapid changes. By creating standards ahead of the technology, the standards would act as “change agents” and guide the market. Anticipatory standards were seen as one way of addressing the problem of arriving at suboptimal de facto standards. If the industry can be guided before the technology develops, this will encourage the use of optimal products. This paper considers the diffusion pattern of the ISO/IEC Information Resource Dictionary System (IRDS) Framework standard that fits into the category of an anticipatory standard. Comparisons are made between the diffusion patterns of the ISO/IEC IRDS standard and the ISO/IEC Open Standards Interconnection (OSI) Reference Model as they were both anticipatory in nature, both framework/reference standards, both originated at approximately the same time and were both developed in traditional standards development organisations.

16.
The quality characteristics of metrological software are required by national or regional legislation, e.g., in legal metrology, or for safety critical applications, or by various standards such as software product quality standards (ISO/IEC 9126) or laboratory competence standards (ISO/IEC 17025). The parties involved are interested in getting a clear guidance for software quality requirements and validation methods. In already developed guidance documents different software quality issues, software lifecycle phases and consequences of risk evaluation for software malfunction or fraud are addressed to different extents. This paper provides a comparison of approaches with the aim to support the parties involved in understanding both the common points and the differences.

17.
Context

Many people and organisations rely upon software safety and security standards to provide confidence in software intensive systems. For example, people rely upon the Common Criteria for Information Technology Security Evaluation to establish justified and sufficient confidence that an evaluated information technology product’s contributions to security threats and threat management are acceptable. Is this standard suitable for this purpose?

Objective

We propose a method for assessing whether conformance with a software safety or security standard is sufficient to support a conclusion such as adequate safety or security. We hypothesise that our method is feasible and capable of revealing interesting issues with the proposed use of the assessed standard.

Method

The software safety and security standards with which we are concerned require evidence and discuss the objectives of that evidence. Our method is to capture a standard’s evidence and objectives as an argument supporting the desired conclusion and to subject this argument to logical criticism. We have evaluated our method by case study application to the Common Criteria standard.

Results

We were able to capture and criticise an argument from the Common Criteria standard. Review revealed 121 issues with the analysed use of the standard. These range from vagueness in its text to failure to require evidence that would substantially increase confidence in the security of evaluated software.

Conclusion

Our method was feasible and revealed interesting issues with using a Common Criteria evaluation to support a conclusion of adequate software security. Considering the structure of similar assurance standards, we see no reason to believe that our method will not prove similarly valuable in other applications.

18.
Context

During the definition of software product lines (SPLs) it is necessary to choose the components that appropriately fulfil a product’s intended functionalities, including its quality requirements (i.e., security, performance, scalability). The selection of the appropriate set of assets from many possible combinations is usually done manually, turning this process into a complex, time-consuming, and error-prone task.

Objective

Our main objective is to determine whether, with the use of modeling tools, we can simplify and automate the definition process of a SPL, improving the selection process of reusable assets.

Method

We developed a model-driven strategy based on the identification of critical points (sensitivity points) inside the SPL architecture. This strategy automatically selects the components that appropriately match the product’s functional and quality requirements. We validated our approach experimenting with different real configuration and derivation scenarios in a mobile healthcare SPL where we have worked during the last three years.

Results

Through our SPL experiment, we established that our approach improved in nearly 98% the selection of reusable assets when compared with the unassisted analysis selection. However, using our approach there is an increment in the time required for the configuration corresponding to the learning curve of the proposed tools.

Conclusion

We can conclude that our domain-specific modeling approach significantly improves the software architect’s decision making when selecting the most suitable combinations of reusable components in the context of a SPL.

19.
Software engineering standards often utilize different underpinning metamodels and ontologies, which sometimes differ between standards. For better adoption by industry, harmonization of these standards by use of a domain ontology has been advocated. In this paper we apply this approach in a proof of concept project. We recommend the creation of a single underpinning abstract domain ontology, created from existing ISO/IEC standards including ISO/IEC 24744 and 24765 and supplemented by any other sources authorized by SC7 as being appropriate and useful. Such an adoption of a single ontology will permit the re-engineering of existing International Standards such as 12207, 15288 and 33061 as refinements from this domain ontology so that these variously focussed standards can all inter-operate.

20.
ABSTRACT

Cloud computing is a new IT delivery paradigm that offers computing resources as on-demand services over the Internet. Like all forms of outsourcing, cloud computing raises serious concerns about the security of the data assets that are outsourced to providers of cloud services. To address these security concerns, we show how today's generation of information security management systems (ISMSs), as specified in the ISO/IEC 27001:2005, must be extended to address the transfer of security controls into cloud environments. The resulting virtual ISMS is a standards-compliant management approach for developing a sound control environment while supporting the various modalities of cloud computing.

This article addresses chief security and/or information officers of cloud client and cloud provider organizations. Cloud clients will benefit from our exposition of how to manage risk when corporate assets are outsourced to cloud providers. Providers of cloud services will learn what processes and controls they can offer in order to provide superior security that differentiates their offerings in the market.
