Extending Security Requirement Patterns to Support Aspect-Oriented Risk-Driven Development
نویسندگان
چکیده
This paper presents a pattern representation of security concern solutions and their interactions that support aspect-oriented risk-driven development (AORDD). Security concern solutions are specified early in the development process, using UML as a rigorous notation for sets of patterns. A profile consisting of stereotypes and tagged values supports security concern requirement traceability throughout solution design refinement. The profile also supports riskdriven analysis. The additional concepts that are part of the risk-driven analysis component of AORDD are described in this paper, and the use of profile tags in this analysis is explained.
منابع مشابه
Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD)Framework
Security critical systems development needs to integrate both project and product risks assessment into the development. Such systems need to balance time to market constraints, cost demands, functional requirement, as well as security requirements. This advocate the use of techniques that support costeffective and risk-driven development. The aspect-oriented risk-driven development (AORDD) fra...
متن کاملSecurity Concerns in an Aspect-Oriented Modeling Approach
Security concerns are present in many software solutions and products. While the functional requirements most often drive the development of models in Model Driven Development (MDD), the modeling of non-functional concerns is equaling important for a high quality solution. Aspect Oriented Modeling (AOM) is an MDD approach that helps develop higher quality solutions by considering various requir...
متن کاملExtending Unified Modeling Language to Support Aspect-Oriented Software Development
Aspect-Oriented Software Development (AOSD) is continuously gaining more importance as the complexity of software systems increases and requirement changes are highrated. A smart way for making reuse of functionality without additional effort is separating the functional and non functional requirements. Aspect-oriented software development supports the capability of separating requirements base...
متن کاملAspect-oriented specification of threat-driven security requirements
This paper presents an aspect-oriented approach to integrated specification of functional and security requirements based on use-case-driven software development. It relies on explicit identification of security threats and threat mitigations. We first identify security threats with respect to use-case-based functional requirements in terms of security goals and the STRIDE category. Then, we su...
متن کاملUsing Aspects to Manage Security Risks in Risk-Driven Development
The EU IST-project CORAS has developed an integrated risk management and system development process for security-critical systems based on AS/NZS 4360, RUP, and RM–ODP. The approach presented in this paper is based on the concepts of risk-driven development and extends the CORAS framework by using aspects to specify security risk treatment options. This enhances the evaluation of the treatment ...
متن کامل