Secure Tropos framework for software product lines requirements engineering

Published: 01 June 2014

Abstract

Security and requirements engineering are two of the most important factors of success in the development of a software product line (SPL). Goal-driven security requirements engineering approaches, such as Secure Tropos, have been proposed as a suitable paradigm for the elicitation of security requirements and their analysis on both a social and a technical dimension. Nevertheless, goal-driven security requirements engineering methodologies are not appropriately tailored to the specific demands of SPL, while specific proposals for SPL engineering have traditionally ignored security requirements. This paper presents work that fills this gap by proposing the "SecureTropos-SPL" framework.

Published In

Computer Standards & Interfaces, Volume 36, Issue 4
June, 2014
115 pages

Publisher

Elsevier Science Publishers B. V.
Netherlands

Author Tags

1. Product lines
2. Requirements engineering
3. Secure Tropos
4. Security requirement engineering
5. Security requirements

Qualifiers

• Article
