Abstract
Non-functional requirements (NFRs), such as availability, usability, performance, and security, are often crucial in producing a satisfactory software product. Therefore, these non-functional requirements should be addressed as early as possible in the software development life cycle. Contrary to other non-functional requirements, such as usability and performance, security concerns are often postponed to the very end of the design process. As a result, security requirements have to be tailored into an existing design, leading to serious design challenges that usually translate into software vulnerabilities. In this paper, we present a novel approach to describe high-level security requirements using the Use Case Maps (UCM) language of the ITU-T User Requirements Notation (URN) standard. The proposed approach is based on a mapping to UCM models of a set of security architectural tactics that describe security design measures in a very general, abstract, and implementation-independent way. The resulting security extensions are described using a metamodel and implemented within the jUCMNav tool. We illustrate our approach using a UCM scenario describing the modification of consultants’ pay rates.
Original language | English |
---|---|
Title of host publication | SDL 2015 |
Subtitle of host publication | Model-Driven Engineering for Smart Cities - 17th International SDL Forum, Proceedings |
Editors | Ina Schieferdecker, Rick Reed, Joachim Fischer, Markus Scheidgen |
Publisher | Springer Verlag |
Pages | 202-217 |
Number of pages | 16 |
ISBN (Print) | 9783319249117 |
State | Published - 2015 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 9369 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Bibliographical note
Publisher Copyright: © Springer International Publishing Switzerland 2015.
Keywords
- Feature modeling
- GRL
- Goal evaluation
- Goal modeling
- URN
ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science