Analysis of Secure Mobile Grid Systems: A systematic approach

Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. The identification of security aspects in the first stages ensures a more robust development and permits the security requirements to be perfectly coupled with the design and the rest of the system’s requirements. Systems which are based on Grid Computing are a kind of systems that have clear differentiating features in which security is a highly important aspect. Generic development processes are sometimes used to develop Grid specific systems without taking into consideration either the subjacent technological environment or the special features and particularities of these specific systems. In fact, the majority of existing Grid applications have been built without a systematic development process and are based on ad hoc developments. The Mobile Grid, which is relevant to both Grid and Mobile Computing, is a full inheritor of the Grid with the additional feature that it supports mobile users and resources in a seamless, transparent, secure and efficient manner. Grids and mobile Grids may be the ideal solution for many large scale applications since they are of a dynamic nature and necessitate transparency for users. A Grid infrastructure that supports the participation of mobile nodes will thus play a significant role in the development of Grid Computing. A development methodology for Secure Mobile Grid Systems is proposed in which the security aspects are considered from the first stages of the life-cycle and in which the mobile Grid technological environment is always present in each activity. In this paper, we define the complete analysis activity (using SPEM 2.0, one of the software process modelling standards), we define all tasks, integrate the new defined artifacts (focused on security and reuse), and allocate some of the most representative ideas of the security requirements engineering discipline. In the development of this methodology, we apply the action–research method in order to incrementally improve and refine our approach, and we are currently applying this activity to an actual case study (which is being developed in a European project). This paper presents the analysis activity which is focused on ensuring that the system’s security and functional requirements are elicited, specified and modelled. In David G. Rosado, Eduardo Fernández-Medina, Javier López, Mario Piattini