Non-functional requirements (NFRs), such as availability, usability, performance, and security, are often crucial in producing a satisfactory software product. Therefore, these non-functional requirements should be addressed as early as possible in the software development life cycle. Contrary to other non-functional requirements, such as usability and performance, security concerns are often postponed to the very end of the design process. As a result, security requirements have to be retrofitted into an existing design, leading to serious design challenges that usually translate into software vulnerabilities. In this paper, we present a novel approach to describe high-level security requirements using the Use Case Maps (UCM) language of the ITU-T User Requirements Notation (URN) standard. The proposed approach is based on a mapping to UCM models of a set of security architectural tactics that describe security design measures in a very general, abstract, and implementation-independent way. The resulting security extensions are described using a metamodel and implemented within the jUCMNav tool. We illustrate our approach using a UCM scenario describing the modification of consultants’ pay rates.
Host publication: Model-Driven Engineering for Smart Cities - 17th International SDL Forum, Proceedings
Editors: Ina Schieferdecker, Rick Reed, Joachim Fischer, Markus Scheidgen
Published: 2015
Series: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Bibliographical note
Publisher Copyright: © Springer International Publishing Switzerland 2015.
- Feature modeling
- Goal evaluation
- Goal modeling
ASJC Scopus subject areas
- Theoretical Computer Science
- General Computer Science