D.3.3 ALGORITHMS FOR INCREMENTAL ... - SecureChange

Recommendations

Info

Fig. 4. SI* conceptual model quirements, he can run the requirement analysis to determine the level of achievement also for top-level requirements. Identify the problem. If some of the requirements are not fulfilled, the requirement engineer must identify the problem. 1. If there is a problem with the ReM, the requirement engineer must backtrack and search for an alternative way of updating the ReM when considering the change request that was initially passed from the user. b If there is a problem with testing, the test engineer must determine whether there is the need to generate new test cases or not. 4 Change management for evolving requirements For the change management process in the requirement domain we consider here the SI* requirement model [11] based on the Tropos methodology. As illustrated in Fig. 4, we consider the concept of goal and a subset of SI* relations, namely AND/OR decomposition, means-end, require, request, and dependency relations. The requirement analysis process consists of five steps: 1. Identify relevant stakeholders, modeled as actor (circle) and its structure. 2. Capture and refine actors’requirements as goal (rounded rectangle). 3. Define means to achieve their goals- i.e., process (hexagon) or resource (rectangle). 4. Model strategic dependencies between actors in fulfilling/executing/providing some goals/processes/resources. 5. Model specific security and risk related aspects such as introducing security goals, which are goals protecting assets and that can be identified as result of risk analysis [24] or analyzing trust relations and delegation of permissions among actors [11]. 6
The requirement analysis is an iterative process that aims at refining the stakeholders’ goals until all high-level goals are achieved. Different reasoning techniques for achievement can be applied based on goals [25] or arguments and logic-programs [12], or Datalog and logic programs [11], or a combination of qualitative and quantitative criteria [2]. Since testing may not provide full fledged evidence we may use the approach by Asnar et al [2] where we use the keyword SAT to denote that the evidence is in favor of the achievement of the the goal and DEN to denote that the evidence is against it. The evolution of a requirements model can be triggered by a change request that can be placed by stakeholders, or it can be a reaction to a previous change, or caused by external circumstances and merely observed. By means of evolution rules, it is possible to automatically detect changes in the requirement model and it is possible to define reactions to changes. Evolution rules are defined in conformance with the Event - Condition - Action semantics: basically, an Event captures a dynamic change in the requirement model, while Condition identifies the static context where this change happened. An Action is a list of operations that constitute the reaction to that event. An example of evolution that can be detected by an evolution rule is the addition of an actor to the requirement model and the delegation of a security goal by the actor to another actor which is not trusted. The Event and Condition part of the rule can be mapped on the addition of the new actor and the missing trust relationship while the Action part can specify appropriate reaction ranging from logging the event to automatic intervention like creating the missing trust relationship. Evolution rules can also be used to propagate changes in requirement models to other artefacts e.g risk models and test models (as in our case). 5 Change management for evolving tests As testing generation process we consider SeTGaM [10]. The model-based testing generation process starts by the design of the test model by the test architect: the model should describe the expected behaviour of the system under test (SUT). Then, the test model is used to generate the test cases and the coverage matrix, relating the tests with the covered model elements. The tests are then exported, or published, in a test repository and then executed. After the test execution, test results and metrics are provided. The test model consists of three different types of UML diagrams (Fig. 5). First, a class diagram describes the data model, namely the set of classes that represent the entities of the system, with their attributes and operations. Second, an object diagram provides a given instantiation of the class diagram together with the test data (i.e. the objects) that will be used as parameters for the operations composing the tests. Finally, the behavior of the system is described by two (complementary) means: a statechart diagram, and/or OCL constraints associated with the operations of the class diagram. The test coverage of system requirements and test objectives is achieved byusing the tags @REM and @AIM to annotate the OCL code. When an evolution occurs, the status of the test changes depending on the impact of the evolution on the model elements covered by the test case. Evolution of status is defined by considering two versions of the test model, M and M ′ , in which addition, modification or deletion of model elements (operations, behaviors, transitions, 7
Page 1 and 2:
D.3.3 ALGORITHMS FOR INCREMENTAL RE
Page 3 and 4:
1.14 19 January Final 1.15 23 Janua
Page 5 and 6:
Index DOCUMENT INFORMATION 1 DOCUME
Page 7 and 8:
1 Introduction This deliverable pre
Page 9 and 10:
(Clause 6.4.3) processes of ISO/IEC
Page 11 and 12:
3 Orchestrating Requirements and Ri
Page 13 and 14:
grey. The ADS-B introduction requir
Page 15 and 16:
The security risk manager identifie
Page 17 and 18:
are supported by the argumentation
Page 19 and 20:
ADS-B Manage ADS-B signal ADS-B sig
Page 21 and 22:
the stagnation suite (i.e. obsolete
Page 23 and 24: 5 A framework for modeling and reas
Page 25 and 26: sectors. And there is 42% of probab
Page 27 and 28: SDA(C) = {DA 2 , DA 4 , DA 8 , DA 1
Page 29 and 30: application contexts is saved if th
Page 31 and 32: Figure 14. ATM model state after qu
Page 33 and 34: References [1] Yudis Asnar, Fabio M
Page 35 and 36: Managing Changes with Legacy Securi
Page 37 and 38: Failure in the provisioning of corr
Page 39 and 40: propagated to the system designer a
Page 41 and 42: APPENDIX B D.3.3 Algorithms for Inc
Page 43 and 44: is sometimes difficult, especially
Page 45 and 46: Tactical Monitor air R controller t
Page 47 and 48: protected from harm. Since in CORAS
Page 49 and 50: CModel. The postcondtion checks the
Page 51 and 52: of ADS-B signal and Availability of
Page 53 and 54: extensions to i* to model and analy
Page 55 and 56: 3. Bzivin, J., Dup, G., Jouault, F.
Page 57 and 58: APPENDIX C D.3.3 Algorithms for Inc
Page 59 and 60: steps. Section V demonstrates the R
Page 61 and 62: that should be mitigated by the sys
Page 63 and 64: CPU value PINconfirmed(PIN, card-de
Page 65 and 66: TABLE IV PRIORITIZATION OF RISKS FO
Page 67 and 68: context. We believe that the Common
Page 69 and 70: Managing Evolution by Orchestrating
Page 71 and 72: 1.1 The Contribution of this Paper
Page 73: Fig. 3. Integrated Change Managemen
Page 77 and 78: Table 1. Conceptual Interface Requi
Page 79 and 80: Legend: Goals surrounded by dashed
Page 81 and 82: Table 5. Test Suite for GP-2.2 Tran
Page 83 and 84: 6. P. K. Chittimalli and M. J. Harr
Page 85 and 86: Noname manuscript No. (will be inse
Page 87 and 88: Dealing with Known Unknowns: A Goal
Page 113 and 114: Understanding How to Manage Require
Page 115 and 116: Chatzoglou et al. [4] conducted a s
Page 117 and 118: Evolution Elicitation Probability E
Page 119 and 120: Table 2. Participants Background Pa
Page 121 and 122: for the defined success criteria. O
Page 123 and 124: Fig. 3. Codes Coverage ATM systems,
Page 125 and 126:
The feedbacks provided by the ATM e
Page 127 and 128:
3. P. Carlshamre, K. Sandahl, M. Li
Page 129 and 130:
Quick fix generation for DSMLs Ábe
Page 131 and 132:
• extensibility: the supported li
Page 133 and 134:
Fig. 7. Overview of the Quick fix g
Page 135 and 136:
Fig. 9. Evaluation results (|V(M I
show all

D.3.3 ALGORITHMS FOR INCREMENTAL ... - SecureChange

Create successful ePaper yourself

Delete template?

Save as template?