D.3.3 ALGORITHMS FOR INCREMENTAL ... - SecureChange

Recommendations

Info

6 Conclusions In this paper we have presented an approach for handling change propagation and analyzing the mutual impact between the requirement engineering and risk analysis domains. Change propagation is based on conceptual mappings between the two domains and a set of well-defined mapping rules that handle the change propagation at the model level. An important advantage of the approach is separation of concerns. Enforcing this principle has the advantage that the respective processes can leverage on each other while being conducted separately, and that the risk analysts do not need thorough expertise in the requirement domain or the requirement modeling language, and vice versa. They only need to have a high-level understanding of the mapped concepts. The changedriven interplay is supported by the formalization of the mappings as VIATRA2 graph transformation rules. The execution of the rules ensures the preservation of model consistency between the two domains under change. In this paper the approach has been applied to the SI* requirement framework and the CORAS risk framework, although it is applicable also to alternative (competing) instantiations. Indeed, the concepts that are mapped in the former – such as goal, resource, and task – are in common to other goal-oriented approaches to requirement engineering. The same holds for asset and treatments that are key concepts in other risk analysis approaches. Thus, the validity of our approach goes beyond the demonstrated instantiations in this paper; alternative approaches to requirement engineering and risk analysis with similar underlying conceptual frameworks can be orchestrated by following the same approach. In risk analysis, one of the objectives is to identify and document treatments the implementation of which ensures that the residual risk level is within the acceptable threshold, whereas requirements engineering aims at achieving the identified goals to an acceptable level. Thus, as future work, we plan to extend the framework with mapping rules for relating the residual risk level with the achievement level such that propagations are triggered also by changes to these. We moreover plan to extend the framework in order to handle more complex changes than the atomic ones. A further topic for future work is the definition of methods to handle conflicting changes such as a new requirement contradicting existing treatments. Acknowledgments. This work has been partially supported by the European Commission under the 7th Framework Programme via the <strong>SecureChange</strong> (231101) project and the NESSoS (256980) network of excellence. References 1. Alberts, C.J., Davey, J.: OCTAVE criteria version 2.0. Technical report CMU/SEI-2001-TR- 016, Carnegie Mellon University (2004) 2. Asnar, Y., Giorgini, P., Mylopoulos, J.: Goal-driven risk assessment in requirements engineering. Requirements Engineering 16(2), 101–116 (2011)
3. Bzivin, J., Dup, G., Jouault, F., Pitette, G., Rougui, J.E.: First experiments with the ATL model transformation language: Transforming XSLT into XQuery. In: 2nd OOPSLA Workshop on Generative Techniques in the context of Model Driven Architecture (2003) 4. Chechik, M., Lai, W., Nejati, S., Cabot, J., Diskin, Z., Easterbrook, S., Sabetzadeh, M., Salay, R.: Relationship-based change propagation: A case study. In: Proceedings of the 2009 ICSE Workshop on Modeling in Software Engineering. pp. 7–12. MISE’09, IEEE Computer Society, Washington, DC, USA (2009) 5. Cleland-Huang, J., Settimi, R., BenKhadra, O., Berezhanskaya, E., Christina, S.: Goalcentric traceability for managing non-functional requirements. In: Proceedings of the 27th International Conference on Software Engineering. pp. 362–371. ICSE ’05, ACM, New York, NY, USA (2005) 6. Natt och Dag, J., Regnell, B., Carlshamre, P., Andersson, M., Karlsson, J.: A feasibility study of automated natural language requirements analysis in market-driven development. Requir. Eng. 7(1), 20–33 (2002) 7. Egyed, A., Grünbacher, P.: Automating requirements traceability: Beyond the record & replay paradigm. In: ASE. pp. 163–171 (2002) 8. Elahi, G., Yu, E., Zannone, N.: A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requirements Engineering 15(1), 41–62 (2009) 9. EUROCONTROL: ATM Strategy for the Years 2000+ (2003) 10. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Requirements engineering for trust management: model, methodology, and reasoning. International Journal of Information Security 5(4), 257–274 (2006) 11. Hayes, J.H., Dekhtyar, A., Sundaram, S.K.: Advancing candidate link generation for requirements tracing: The study of methods. IEEE Trans. Softw. Eng. 32, 4–19 (January 2006) 12. IBM Rational DOORS, http://www-01.ibm.com/software/awdtools/doors/features/ 13. ISO: ISO 31000 Risk management – Principles and guidelines (2009) 14. von Knethen, A., Grund, M.: Quatrace: A tool environment for (semi-) automatic impact analysis based on traces. In: ICSM. pp. 246–255 (2003) 15. Lamsweerde, A.V.: Elaborating security requirements by construction of intentional antimodels. In: Software Engineering, 2004. ICSE 2004. Proceedings. 26th International Conference on. pp. 148–157 (2004) 16. Li, T., Liu, L., Bryant, B.R.: Service Security Analysis Based on i*: An Approach from the Attacker Viewpoint. In: Security, Trust, and Privacy for Software Applications (STPSA 2010). pp. 127–133. Seoul (2010) 17. Lin, L., Prowell, S.J., Poore, J.H.: The impact of requirements changes on specifications and state machines. Softw. Pract. Exper. 39, 573–610 (2009) 18. Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. Proc.of RE 3, 151–161 (2003) 19. Lucia, A.D., Fasano, F., Oliveto, R., Tortora, G.: Recovering traceability links in software artifact management systems using information retrieval methods. ACM Trans. Softw. Eng. Methodol. 16 (2007) 20. Lund, M.S., den Braber, F., Stølen, K.: Maintaining results from security assessments. In: 7th European Conference on Software Maintenance and Reengineering. pp. 341–350. IEEE Computer Society (2003) 21. Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis - The CORAS Approach. Springer Berlin Heidelberg, Berlin, Heidelberg (2011) 22. Massacci, F., Mylopoulos, J., Zannone, N.: Security Requirements Engineering : The SI* Modeling Language and the Secure Tropos Methodology. In: Ras, Z., Tsay, L.S. (eds.) Advances in Intelligent Information Systems, Studies in Computational Intelligence, vol. 265, pp. 147–174. Springer Berlin / Heidelberg (2010)
Page 1 and 2:
D.3.3 ALGORITHMS FOR INCREMENTAL RE
Page 3 and 4: 1.14 19 January Final 1.15 23 Janua
Page 5 and 6: Index DOCUMENT INFORMATION 1 DOCUME
Page 7 and 8: 1 Introduction This deliverable pre
Page 9 and 10: (Clause 6.4.3) processes of ISO/IEC
Page 11 and 12: 3 Orchestrating Requirements and Ri
Page 13 and 14: grey. The ADS-B introduction requir
Page 15 and 16: The security risk manager identifie
Page 17 and 18: are supported by the argumentation
Page 19 and 20: ADS-B Manage ADS-B signal ADS-B sig
Page 21 and 22: the stagnation suite (i.e. obsolete
Page 23 and 24: 5 A framework for modeling and reas
Page 25 and 26: sectors. And there is 42% of probab
Page 27 and 28: SDA(C) = {DA 2 , DA 4 , DA 8 , DA 1
Page 29 and 30: application contexts is saved if th
Page 31 and 32: Figure 14. ATM model state after qu
Page 33 and 34: References [1] Yudis Asnar, Fabio M
Page 35 and 36: Managing Changes with Legacy Securi
Page 37 and 38: Failure in the provisioning of corr
Page 39 and 40: propagated to the system designer a
Page 41 and 42: APPENDIX B D.3.3 Algorithms for Inc
Page 43 and 44: is sometimes difficult, especially
Page 45 and 46: Tactical Monitor air R controller t
Page 47 and 48: protected from harm. Since in CORAS
Page 49 and 50: CModel. The postcondtion checks the
Page 51 and 52: of ADS-B signal and Availability of
Page 53: extensions to i* to model and analy
Page 57 and 58: APPENDIX C D.3.3 Algorithms for Inc
Page 59 and 60: steps. Section V demonstrates the R
Page 61 and 62: that should be mitigated by the sys
Page 63 and 64: CPU value PINconfirmed(PIN, card-de
Page 65 and 66: TABLE IV PRIORITIZATION OF RISKS FO
Page 67 and 68: context. We believe that the Common
Page 69 and 70: Managing Evolution by Orchestrating
Page 71 and 72: 1.1 The Contribution of this Paper
Page 73 and 74: Fig. 3. Integrated Change Managemen
Page 75 and 76: The requirement analysis is an iter
Page 77 and 78: Table 1. Conceptual Interface Requi
Page 79 and 80: Legend: Goals surrounded by dashed
Page 81 and 82: Table 5. Test Suite for GP-2.2 Tran
Page 83 and 84: 6. P. K. Chittimalli and M. J. Harr
Page 85 and 86: Noname manuscript No. (will be inse
Page 87 and 88: Dealing with Known Unknowns: A Goal
Page 105 and 106:
Dealing with Known Unknowns: A Goal
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Understanding How to Manage Require
Page 115 and 116:
Chatzoglou et al. [4] conducted a s
Page 117 and 118:
Evolution Elicitation Probability E
Page 119 and 120:
Table 2. Participants Background Pa
Page 121 and 122:
for the defined success criteria. O
Page 123 and 124:
Fig. 3. Codes Coverage ATM systems,
Page 125 and 126:
The feedbacks provided by the ATM e
Page 127 and 128:
3. P. Carlshamre, K. Sandahl, M. Li
Page 129 and 130:
Quick fix generation for DSMLs Ábe
Page 131 and 132:
• extensibility: the supported li
Page 133 and 134:
Fig. 7. Overview of the Quick fix g
Page 135 and 136:
Fig. 9. Evaluation results (|V(M I
show all

D.3.3 ALGORITHMS FOR INCREMENTAL ... - SecureChange

Create successful ePaper yourself

Delete template?

Save as template?