Requirements Refinement and Exploration of Architecture for Security and Other NFRs

Designing the software architecture early is essential, particularly where security is concerned, since security risks, requirements, and architectures are all closely interrelated and interact with one another. We have proposed the security-driven twin peaks method, which mutually refines the requirements and the architecture. However, there are multiple architectural alternatives for a given set of initial requirements, and the choice among them depends on non-functional requirements (NFRs) such as security, performance, and cost, which have a big impact on the quality of the software. We propose a new method called TPM-SA2 to avoid any backtracking during refinement. Each architectural alternative in TPM-SA2 is refined so that it aligns with the requirements and, conversely, the requirements can be updated at each refinement. TPM-SA2 enables us to predict the impact of each candidate architecture on the NFRs and to choose the most appropriate one with respect to that impact. As a result, we can define the requirements and architectures, and estimate the development costs, earlier than ever.
