Title :
Security Requirements Engineering Process for Software Product Lines: A Case Study
Author :
Mellado, Daniel ; Fernandez-Medina, E. ; Piattini, Mario
Author_Institution :
IT Dept. Madrid, Nat. Competition Comm., Madrid
Abstract :
The majority of the current product line practices in requirements engineering do not adequately address security requirements engineering despite the fact that security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. Therefore, our contribution is to present and to demonstrate the applicability of our proposed security quality requirements engineering process (SREPPLine), which is based on a security requirements decision model driven by security standards along with a security variability model. We shall demonstrate our proposal by describing part of a real case study as a preliminary validation of these models. The final aim of this approach is to deal with security requirements variability from the early stages of the product line development in a systematic way, in order to facilitate conformance of the products with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.
Keywords :
formal specification; product development; security of data; software quality; software reusability; central task; critical success factor; security requirements engineering process; software product line development; Design engineering; IEC standards; ISO standards; Information security; Information systems; National security; Proposals; Software engineering; Software quality; Standards development; ISO/IEC 27001; Security requirements; product lines; requirements engineering;
Conference_Titel :
Software Engineering Advances, 2008. ICSEA '08. The Third International Conference on
Conference_Location :
Sliema
Print_ISBN :
978-1-4244-3218-9
Electronic_ISBN :
978-0-7695-3372-8
DOI :
10.1109/ICSEA.2008.14
