Describing early security requirements using use case maps

Jameleddine Hassine; Abdelwahab Hamou-Lhadj

doi:10.1007/978-3-319-24912-4_15

Describing early security requirements using use case maps

Jameleddine Hassine^*, Abdelwahab Hamou-Lhadj

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Non-functional requirements (NFR), such as availability, usability, performance, and security are often crucial in producing a satisfactory software product. Therefore, these non-functional requirements should be addressed as early as possible in the software development life cycle. Contrary to other non-functional requirements, such as usability and performance, security concerns are often postponed to the very end of the design process. As a result, security requirements have to be tailored into an existing design, leading to serious design challenges that usually translate into software vulnerabilities. In this paper, we present a novel approach to describe high-level security requirements using the Use Case Maps (UCM) language of the ITU-T User Requirements Notation (URN) standard. The proposed approach is based on a mapping to UCM models of a set of security architectural tactics that describe security design measures in a very general, abstract, and implementation-independent way. The resulting security extensions are described using a metamodel and implemented within the jUCMNav tool. We illustrate our approach using a UCM scenario describing the modification of consultants’ pay rates.

Original language	English
Title of host publication	SDL 2015
Subtitle of host publication	Model-Driven Engineering for Smart Cities - 17th International SDL Forum, Proceedings
Editors	Ina Schieferdecker, Rick Reed, Joachim Fischer, Markus Scheidgen
Publisher	Springer Verlag
Pages	202-217
Number of pages	16
ISBN (Print)	9783319249117
DOIs	https://doi.org/10.1007/978-3-319-24912-4_15
State	Published - 2015

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9369
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Bibliographical note

Publisher Copyright:
© Springer International Publishing Switzerland 2015.

Keywords

Feature modeling
GRL
Goal evaluation
Goal modeling
URN

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-319-24912-4_15

Cite this

Hassine, J., & Hamou-Lhadj, A. (2015). Describing early security requirements using use case maps. In I. Schieferdecker, R. Reed, J. Fischer, & M. Scheidgen (Eds.), SDL 2015: Model-Driven Engineering for Smart Cities - 17th International SDL Forum, Proceedings (pp. 202-217). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9369). Springer Verlag. https://doi.org/10.1007/978-3-319-24912-4_15

Hassine, Jameleddine ; Hamou-Lhadj, Abdelwahab. / Describing early security requirements using use case maps. SDL 2015: Model-Driven Engineering for Smart Cities - 17th International SDL Forum, Proceedings. editor / Ina Schieferdecker ; Rick Reed ; Joachim Fischer ; Markus Scheidgen. Springer Verlag, 2015. pp. 202-217 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{e163fb7630f945e9be5980842e317c8a,

title = "Describing early security requirements using use case maps",

abstract = "Non-functional requirements (NFR), such as availability, usability, performance, and security are often crucial in producing a satisfactory software product. Therefore, these non-functional requirements should be addressed as early as possible in the software development life cycle. Contrary to other non-functional requirements, such as usability and performance, security concerns are often postponed to the very end of the design process. As a result, security requirements have to be tailored into an existing design, leading to serious design challenges that usually translate into software vulnerabilities. In this paper, we present a novel approach to describe high-level security requirements using the Use Case Maps (UCM) language of the ITU-T User Requirements Notation (URN) standard. The proposed approach is based on a mapping to UCM models of a set of security architectural tactics that describe security design measures in a very general, abstract, and implementation-independent way. The resulting security extensions are described using a metamodel and implemented within the jUCMNav tool. We illustrate our approach using a UCM scenario describing the modification of consultants{\textquoteright} pay rates.",

keywords = "Feature modeling, GRL, Goal evaluation, Goal modeling, URN",

author = "Jameleddine Hassine and Abdelwahab Hamou-Lhadj",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.",

year = "2015",

doi = "10.1007/978-3-319-24912-4\_15",

language = "English",

isbn = "9783319249117",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "202--217",

editor = "Ina Schieferdecker and Rick Reed and Joachim Fischer and Markus Scheidgen",

booktitle = "SDL 2015",

address = "Germany",

}

Hassine, J & Hamou-Lhadj, A 2015, Describing early security requirements using use case maps. in I Schieferdecker, R Reed, J Fischer & M Scheidgen (eds), SDL 2015: Model-Driven Engineering for Smart Cities - 17th International SDL Forum, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9369, Springer Verlag, pp. 202-217. https://doi.org/10.1007/978-3-319-24912-4_15

Describing early security requirements using use case maps. / Hassine, Jameleddine; Hamou-Lhadj, Abdelwahab.
SDL 2015: Model-Driven Engineering for Smart Cities - 17th International SDL Forum, Proceedings. ed. / Ina Schieferdecker; Rick Reed; Joachim Fischer; Markus Scheidgen. Springer Verlag, 2015. p. 202-217 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9369).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Describing early security requirements using use case maps

AU - Hassine, Jameleddine

AU - Hamou-Lhadj, Abdelwahab

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - Non-functional requirements (NFR), such as availability, usability, performance, and security are often crucial in producing a satisfactory software product. Therefore, these non-functional requirements should be addressed as early as possible in the software development life cycle. Contrary to other non-functional requirements, such as usability and performance, security concerns are often postponed to the very end of the design process. As a result, security requirements have to be tailored into an existing design, leading to serious design challenges that usually translate into software vulnerabilities. In this paper, we present a novel approach to describe high-level security requirements using the Use Case Maps (UCM) language of the ITU-T User Requirements Notation (URN) standard. The proposed approach is based on a mapping to UCM models of a set of security architectural tactics that describe security design measures in a very general, abstract, and implementation-independent way. The resulting security extensions are described using a metamodel and implemented within the jUCMNav tool. We illustrate our approach using a UCM scenario describing the modification of consultants’ pay rates.

AB - Non-functional requirements (NFR), such as availability, usability, performance, and security are often crucial in producing a satisfactory software product. Therefore, these non-functional requirements should be addressed as early as possible in the software development life cycle. Contrary to other non-functional requirements, such as usability and performance, security concerns are often postponed to the very end of the design process. As a result, security requirements have to be tailored into an existing design, leading to serious design challenges that usually translate into software vulnerabilities. In this paper, we present a novel approach to describe high-level security requirements using the Use Case Maps (UCM) language of the ITU-T User Requirements Notation (URN) standard. The proposed approach is based on a mapping to UCM models of a set of security architectural tactics that describe security design measures in a very general, abstract, and implementation-independent way. The resulting security extensions are described using a metamodel and implemented within the jUCMNav tool. We illustrate our approach using a UCM scenario describing the modification of consultants’ pay rates.

KW - Feature modeling

KW - GRL

KW - Goal evaluation

KW - Goal modeling

KW - URN

UR - https://www.scopus.com/pages/publications/84950975519

U2 - 10.1007/978-3-319-24912-4_15

DO - 10.1007/978-3-319-24912-4_15

M3 - Conference contribution

AN - SCOPUS:84950975519

SN - 9783319249117

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 202

EP - 217

BT - SDL 2015

A2 - Schieferdecker, Ina

A2 - Reed, Rick

A2 - Fischer, Joachim

A2 - Scheidgen, Markus

PB - Springer Verlag

ER -

Hassine J, Hamou-Lhadj A. Describing early security requirements using use case maps. In Schieferdecker I, Reed R, Fischer J, Scheidgen M, editors, SDL 2015: Model-Driven Engineering for Smart Cities - 17th International SDL Forum, Proceedings. Springer Verlag. 2015. p. 202-217. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-24912-4_15

Describing early security requirements using use case maps

Abstract

Publication series

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this