Title :
Applying a Security Domain Requirements Engineering Process for Software Product Lines
Author :
Mellado, D. ; Fernandez-Medina, E. ; Piattini, M.
Author_Institution :
Centro de Desarrollo del Inst., Nac. de la Seguridad Social en la Gerencia, Madrid
fDate :
7/1/2008 12:00:00 AM
Abstract :
Security requirements management is especially important in software product lines, given that a weakness in security or a security breach can cause problems throughout all the products of a product line. The main contribution of this work is that of illustrating, by describing part of a real case study, a guided, systematic and intuitive way of dealing with security requirements from the early stages of the product line lifecycle by applying our proposed process of security requirements engineering for software product lines (SREPPLine), which makes it easier the variability and reusability management as well as the traceability relations of the security requirements in the product line. It is based on the use of the latest security requirements techniques, together with the integration of the Common Criteria (ISO/IEC 15408) and ISO/IEC 27001 controls, so that it facilitates the conformance of the product line and its products to the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.
Keywords :
product development; program diagnostics; program verification; security of data; software reusability; software standards; ISO/IEC 15408; ISO/IEC 27001; security domain requirements engineering process; software product line; software reusability management; software traceability; software variability; IEC standards; ISO standards; Robustness; Security; Common Criteria; ISO/IEC 27001; Requirements engineering; product lines; security requirements;
Journal_Title :
Latin America Transactions, IEEE (Revista IEEE America Latina)
Conference_Location :
7/1/2008 12:00:00 AM
DOI :
10.1109/TLA.2008.4653861
