RUPSec: extending business modeling and requirements disciplines of RUP for developing secure systems

Nowadays, one of the main challenges facing computer systems is increasing attacks and security threats against them. Therefore, capturing, analyzing, designing, developing and testing of security requirements have became an important issue in development of security-critical computing systems, such as banking, military and e-commerce systems. For developing every system, a process model is chosen. The rational unified process (RUP) is one of the most popular and complete process models which has been used by developers in recent years. Our study and analysis has shown that RUP should be extended for developing security-critical systems. In this paper, we report our work on extending business modeling and requirements disciplines of RUP for developing secure systems. We call this extended version of RUP as RUPSec. The proposed extensions in RUPSec are adding and integrating a number of activities, roles, and artifacts to RUP in order to capture, document and model threats and security requirements.