Title :
Automated Support for Security Requirements Engineering in Software Product Line Domain Engineering
Author :
Mellado, Daniel ; Rodriguez, Jose ; Fernandez-Medina, E. ; Piattini, Mario
Author_Institution :
IT & Syst. Dept., Nat. Competition Comm., Madrid
Abstract :
Security and requirements engineering are among the most important factors of success in the development of a software product line due to their complexity and extensive nature, given that a weakness in security can cause problems throughout all the products of a product line. However, without a CARE (computer-aided requirements engineering) tool, the application of any security requirements engineering process or methodology is much more difficult because it has to be performed manually. Therefore, in this paper, we present a prototype of SREPPLineTool, which provides automated support to facilitate the application of the security quality requirements engineering process for software product lines, SREPPLine. SREPPLineTool simplifies the management of security requirements in product lines by providing us with a guided, systematic and intuitive way to deal with them from the early phases of product line development, simplifying the management and visualization of artefact variability and traceability links and the integration of the security standards, as well as the management of the security reference model proposed by SREPPLine. Finally, we illustrate the application of SREPPLineTool by describing a simple example as a preliminary validation of it.
Keywords :
formal specification; formal verification; security of data; systems analysis; CARE; SREPPLineTool; automated support; computer-aided requirements engineering; security quality requirements engineering process; security reference model; software product line domain engineering; Application software; Computer security; Design engineering; Engineering management; Information security; National security; Quality management; Reliability engineering; Software prototyping; Standards development; Common Criteria; Security requirements; product lines; security; security variability;
Conference_Title :
Availability, Reliability and Security, 2009. ARES '09. International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-3572-2
Electronic_ISBN :
978-0-7695-3564-7
DOI :
10.1109/ARES.2009.23