Security Requirements Management in Software Product Line Engineering

  • Conference paper
e-Business and Telecommunications (ICETE 2008)

Abstract

Security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this chapter we will propose a security requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.


Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mellado, D., Fernández-Medina, E., Piattini, M. (2009). Security Requirements Management in Software Product Line Engineering. In: Filipe, J., Obaidat, M.S. (eds) e-Business and Telecommunications. ICETE 2008. Communications in Computer and Information Science, vol 48. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05197-5_18

  • DOI: https://doi.org/10.1007/978-3-642-05197-5_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-05196-8

  • Online ISBN: 978-3-642-05197-5

  • eBook Packages: Computer Science, Computer Science (R0)
