Similar documents
Found 20 similar documents; search took 15 ms
1.
《Information Systems》2005,30(8):609-629
Although security is a crucial issue for information systems, traditionally, it is considered after the definition of the system. This approach often leads to problems, which most of the times translate into security vulnerabilities. From the viewpoint of the traditional security paradigm, it should be possible to eliminate such problems through better integration of security and software engineering. This paper firstly argues for the need to develop a methodology that considers security as an integral part of the whole system development process, and secondly it contributes to the current state of the art by proposing an approach that considers security concerns as an integral part of the entire system development process and by relating this approach with existing work. The different stages of the approach are described with the aid of a real-life case study; a health and social care information system.

2.
In order to develop security critical Information Systems, specifying security quality requirements is vitally important, although it is a very difficult task. Fortunately, there are several security standards, like the Common Criteria (ISO/IEC 15408), which help us handle security requirements. This article will present a Common Criteria centred and reuse-based process that deals with security requirements at the early stages of software development in a systematic and intuitive way, by providing a security resources repository as well as integrating the Common Criteria into the software lifecycle, so that it unifies the concepts of requirements engineering and security engineering.

3.
Security is a concern that must be taken into consideration starting from the early stages of system development. Over the last two decades, researchers and engineers have developed a considerable number of methods for security requirements engineering. Some of them rely on the (re)use of security knowledge. Despite some existing surveys about security requirements engineering, there is not yet any reference for researchers and practitioners that presents in a systematic way the existing proposals, techniques, and tools related to security knowledge reuse in security requirements engineering. The aim of this paper is to fill this gap by looking into drawing a picture of the literature on knowledge and reuse in security requirements engineering. The questions we address are related to methods, techniques, modeling frameworks, and tools for and by reuse in security requirements engineering. We address these questions through a systematic mapping study. The mapping study was a literature review conducted with the goal of identifying, analyzing, and categorizing state-of-the-art research on our topic. This mapping study analyzes more than thirty approaches, covering 20 years of research in security requirements engineering. The contributions can be summarized as follows: (1) A framework was defined for analyzing and comparing the different proposals as well as categorizing future contributions related to knowledge reuse and security requirements engineering; (2) the different forms of knowledge representation and reuse were identified; and (3) previous surveys were updated. We conclude that most methods should introduce more reusable knowledge to manage security requirements.

4.
In the past 10 years, the research community has produced a significant number of design notations to represent security properties and concepts in a design artifact. These notations are aimed at documenting and analyzing security in a software design model. The fragmentation of the research space, however, has resulted in a complex tangle of different techniques. Hence, practitioners are confronted with the challenging task of scouting the right approach from a multitude of proposals. Similarly, it is hard for researchers to keep track of the synergies among the existing notations, in order to identify the existing opportunities for original contributions. This paper presents a systematic literature review that inventorizes the existing notations and provides an in-depth, comparative analysis for each.

5.
One of the most critical phases of software engineering is requirements elicitation and analysis. Success in a software project is influenced by the quality of requirements and their associated analysis since their outputs contribute to higher level design and verification decisions. Real-time software systems are event driven and contain temporal and resource limitation constraints. Natural-language-based specification and analysis of such systems are then limited to identifying functional and non-functional elements only. In order to design an architecture, or to be able to test and verify these systems, a comprehensive understanding of dependencies, concurrency, response times, and resource usage are necessary. Scenario-based analysis techniques provide a way to decompose requirements to understand the said attributes of real-time systems. However they are in themselves inadequate for providing support for all real-time attributes. This paper discusses and evaluates the suitability of certain scenario-based models in a real-time software environment and then proposes an approach, called timed automata, that constructs a formalised view of scenarios that generate timed specifications. This approach represents the operational view of scenarios with the support of a formal representation that is needed for real-time systems. Our results indicate that models with notations and semantic support for representing temporal and resource usage of scenario provide a better analysis domain.
H. Saiedian is a member of the Information & Telecommunication Technology Center at the University of Kansas. His research was partially supported by a grant from the National Science Foundation (NSF).

6.
Requirements engineering and software architecture are quite mature software engineering sub-disciplines, which often seem to be disconnected for many reasons and it is difficult to perceive the impact of functional and non-functional requirements on architecture and to establish appropriate trace links for traceability purposes. In other cases, the estimation of how non-functional requirements, as the quality properties a system should pose, is not perceived useful enough to produce high-quality software. Therefore, in this special issue, we want to highlight the importance and the role of quality requirements for architecting and building complex software systems that in many cases require multidisciplinary engineering techniques, which increases the complexity of the software development process.

7.
Requirements Engineering - Requirements engineering (RE) involves the critical activities required to capture customers’ requirements/needs accurately. RE is a communication-intensive...

8.
A secure network protocol called the authenticated datagram protocol (ADP) that optimizes the performance of global networks by establishing host-to-host secure channels and building agent-to-agent channels on top of host-to-host channels is presented. The performance advantages of ADP come with an accompanying set of trust requirements that are stringent for a network spanning mutually distrustful organizations. The cause for this stringency is shown to be propagation of trust relationships in ADP. Methods of breaking their propagation and thereby accomplishing a significant reduction in ADP's trust requirements are presented. ADP, being a protocol for establishing host-to-host channels, can be handled at the subtransport level of the protocol hierarchy. A prototype of ADP implemented on Sun workstations connected by an Ethernet is described. Experimental measurements confirm that both the average latency of messages and the maximum throughput are substantially better than other secure protocols

9.
In the Human-Computer Interaction (HCI) community, software usability has primarily been concerned with the presentation of information, more precisely with the user interface. However, some usability problems can prove costly to fix if the changes require modifications that reach beyond the presentation layer, namely those that cannot be easily accommodated by the software architecture. Taking into account some usability requirements earlier in the software development cycle, specifically prior to the architectural design phase, can reduce the cost of these modifications. There is a scarcity of methods and guidelines with the scope to direct users in eliciting the usability requirements that can impact the software architecture. This paper proposes a usability-driven adaptation of the quality attribute workshop (QAW) to assist software development organizations in discovering and documenting usability requirements. It shows how this method can be integrated into a software development process, by discussing how the existing software framework workflows can be adjusted to take this new activity into consideration. A preliminary exercise was conducted to help discern the utility and the limits of the proposed method. Participants with different levels of knowledge of usability and comprehension of the system being developed found the method constructive, as it guided them in identifying the architecturally relevant usability requirements. It also helped determine the usability aspects that would not necessarily have been defined if this technique had not been employed.

10.
A strong link between strategy and product development is important, since companies need to select requirements for forthcoming releases. However, in practice, connecting requirements engineering (RE) and business planning is far from trivial. This paper describes the lessons learned from four software product companies that have recognized the need for more business-oriented long-term planning. The study was conducted using the action research approach. We identified five practices that seem to strengthen the link between business decisions and RE. These are (1) explicating the planning levels and time horizons; (2) separating the planning of products’ business goals from R&D resource allocation; (3) planning open-endedly with a pre-defined rhythm; (4) emphasizing whole-product thinking; and (5) making solution planning visible. To support whole-product thinking and solution planning, we suggest that companies create solution concepts. The purpose of the solution concept is to provide a big picture of the solution and guide RE activities.

11.
Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose them to implement minimal precautionary security measures. Several IT solutions (e.g., Privacy Enhancing Technologies, Access Control Infrastructure, etc.) have been proposed to address security and privacy issues. However, understanding why, and when such solutions have to be adopted is often unanswered because the answer comes only from a broader perspective, accounting for legal and organizational issues. Security engineers and legal experts should analyze the business goals of a company and its organizational structure and derive from there the points where security and privacy problems may arise and which solutions best fit such (legal) problems. The paper investigates the methodological support for capturing security and privacy requirements of a concrete health care provider.
Nicola Zannone (Corresponding author)

12.
System and software requirements documents play a crucial role in software engineering in that they must both communicate requirements to clients in an understandable manner and define requirements in precise detail for system developers. The benefits of both lists of textual requirements (usually written in natural language) and software engineering models (usually specified in graphical form) can be brought together by combining the two approaches in the specification of system and software requirements documents. If, moreover, textual requirements are generated from models in an automatic or closely monitored form, the effort of specifying those requirements is reduced and the completeness of the specification and the management of the requirements traceability are improved. This paper presents a systematic review of the literature related to the generation of textual requirements specifications from software engineering models.

13.
A highly important part of software engineering education is requirements collection and analysis which is one of the initial stages of the Database Application Lifecycle and arguably the most important stage of the Software Development Lifecycle. No other conceptual work is as difficult to rectify at a later stage or as damaging to the overall system if performed incorrectly. As software engineering is a field with a reputation for producing graduates who are inappropriately prepared for applying their skills in real life software engineering scenarios, it suggests that traditional educational techniques such as role-play, live-through case studies and paper-based case studies are insufficient preparation and that other approaches are required. To attempt to combat this problem we have developed a games-based learning application to teach requirements collection and analysis at tertiary education level as games-based learning is seen as a highly motivating, engaging form of media and is a rapidly expanding field. This paper will describe the evaluation of the requirements collection and analysis game particularly from a pedagogical perspective. The game will be compared to traditional methods of software engineering education using a pre-test/post-test, control group/experimental group design to assess if the game can act as a suitable supplement to traditional techniques and assess if it can potentially overcome shortcomings. The game will be evaluated in five separate experiments at tertiary education level.

14.
Requirements Engineering - The increasing complexity of cyber-physical systems (CPSs) makes their design, development and operation extremely challenging. Due to the nature of CPS that involves...

15.
16.
One of the responsibilities of developers is the early definition of non-functional requirements (NFR) at the system level and their related allocation as functional user requirements (FUR) at the software level. To identify some of the widely consensual security elements that could be used in a standards-based security framework, the security-related terminology and views from three sets of international standards (ECSS, IEEE and ISO) are analyzed and integrated. Next, the set of concepts adopted by ISO 19761 for describing software functionality at a lower level are introduced, thereby ensuring that the proposed framework is designed for measurement purposes as well. For the capture of security concepts, the proposed framework is designed using soft-goal interdependency graphs (SIG) and three main system NFR-security types: system availability, confidentiality and integrity. This standards-based system security framework at the function and service level can support software developers to derive such requirements in the early stages of the development process. Finally, an ATM example for the measurement of system security NFR allocated as software FUR within a service-oriented architecture (SOA) is presented.

17.
Cognition, Technology & Work - Resilience engineering provides concepts and methods for assessing the ability of socio-technical systems to adjust their functioning before, during, or after...

18.
This article presents an integrated framework for the development of home automation systems following the model-driven approach. By executing model transformations the environment allows developers to generate executable code for specific platforms. The tools presented in this work help developers to model home automation systems by means of a domain specific language which is later transformed into code for home automation specific platforms. These transformations have been defined by means of graph grammars and template engines extended with traceability capabilities. Our framework also allows the models to be reused for different applications since a catalogue of requirements is provided. This framework enables the development of home automation applications with techniques for improving the quality of both the process and the models obtained. In order to evaluate the benefits of the approach, we conducted a survey among developers that used the framework. The analysis of the outcome of this survey shows which conditions should be fulfilled in order to increase reusability.

19.
Before software systems are shipped, they are tuned to optimize their field performance. This process is called performance tuning. Performance tuning is used to find the best settings for a set of tunable, or changeable, parameters like buffer space, disk file allocation, main memory partition, I/O priority, process scheduling quantum, etc. Examples of performance measures to be optimized are: query or transaction loss, throughput rate, response time, etc. Improperly tuned systems can create field problems even if there are no software faults in the product. Hence, it is important that software systems be tuned for optimal performance before they are delivered. However, optimal performance tuning is quite complex because of: exponentially many alternatives, unknown functional relationships between parameters and performance measures, stochastically fluctuating system performance, and expensive empirical experiments. For these reasons, tuning is typically practiced as an art and depends heavily on the intuitions of experts. In this paper, we examine a method for tuning which is repeatable and produces consistently superior results across many different applications. This method, based upon Robust Experimental Design, has revolutionized design optimization in hardware systems. The methodology consists of conducting a few carefully chosen experiments and using the associated analysis technology to help extract the maximum possible information for performance optimization. Specifically we give some background on statistical experimental design and demonstrate it on an actual software system that provides network database services which had experienced occasional query losses. Focusing on nine carefully chosen parameters, 12 experiments were conducted. This number of experiments is far fewer and consequently far less costly in time and effort than what would be required for collecting the same amount of information by traditional methods. 
The selection of the experiments took into account ideas from accelerated life testing and ideas from the Robust Experimental Design. Based on the analysis of this data, new settings for the parameters in software system were implemented. All tests done with the new settings have shown that the query loss problem has been totally controlled. This revised version was published online in June 2006 with corrections to the Cover Date.

20.
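This paper gives a detailed account of the handshake protocol portion of the Web security protocol SSL and analyzes its security. It describes in detail three protocol vulnerabilities that exist in theory and, after verification through testing, points out that the SSL protocol has a *** mode vulnerability.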
