Visible to the public Managing security requirements patterns using feature diagram hierarchiesConflict Detection Enabled

TitleManaging security requirements patterns using feature diagram hierarchies
Publication TypeConference Proceedings
Year of Publication2014
AuthorsRocky Slavin, Jean-Michel Lehker, Jianwei Niu, Travis Breaux
Conference Name2014 IEEE 22nd International Requirements Engineering Conference (RE)
Date Published08/2014
Conference LocationKarlskrona, Sweden
ISBN Number978-1-4799-3033-3
KeywordsCMU, Oct'14

Security requirements patterns represent reusable security practices that software engineers can apply to improve security in their system. Reusing best practices that others have employed could have a number of benefits, such as decreasing the time spent in the requirements elicitation process or improving the quality of the product by reducing product failure risk. Pattern selection can be difficult due to the diversity of applicable patterns from which an analyst has to choose. The challenge is that identifying the most appropriate pattern for a situation can be cumbersome and time-consuming. We propose a new method that combines an inquiry-cycle based approach with the feature diagram notation to review only relevant patterns and quickly select the most appropriate patterns for the situation. Similar to patterns themselves, our approach captures expert knowledge to relate patterns based on decisions made by the pattern user. The resulting pattern hierarchies allow users to be guided through these decisions by questions, which introduce related patterns in order to help the pattern user select the most appropriate patterns for their situation, thus resulting in better requirement generation. We evaluate our approach using access control patterns in a pattern user study.

Citation Keynode-30320

Other available formats:

Slavin_Managing_Sec_Requirements_TB.pdfPDF document957.51 KBDownloadPreview