Kurt Schneider

Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec

Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 Common Criteria (CC) together with secure design techniques such as UMLsec can provide the security expertise, knowledge, and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the CC. They are rather phrased in security domain terminology and difficult to understand for developers. This means that some general security and secure design expertise are required to fully take advantage of the CC and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design, which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the CC, the heuristic requirements editor HeRA, and UMLsec. SecReq makes systematic use of the security engineering knowledge contained in the CC and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the CC, and the ability to trace security requirements into UML design models. A feedback loop helps reusing experience within SecReq and turns the approach into an iterative process for the secure system life-cycle, also in the presence of system evolution.

Experience and Knowledge Management in Software Engineering

Nowadays, there is software everywhere in our life. It controls cars, airplanes, factories, medical implants. Without software, banking, logistics and transportation, media, and even scientific research would not function in the accustomed way. Building and maintaining software is a knowledge-intensive endeavour and requires that specific experiences are handled successfully. However, neither knowledge nor experience can be collected, stored, and shipped like physical goods, instead these delicate resources require dedicated techniques. Knowledge and experience are often called company assets, yet this is only part of the truth: it is only software engineers and other creative employees who will effectively exploit an organisations knowledge and experience. Kurt Schneiders textbook is written for those who want to make better use of their own knowledge and experience either personally or within their group or company. Everyone related to software development will benefit from his detailed explanations and case studies: project managers, software engineers, quality assurance responsibles, and knowledge managers. His presentation is based on years of both practical experience, with companies such as Boeing, Daimler, and Nokia, and research in renowned environments, such as the Fraunhofer Institute. Each chapter is self-contained, it clearly states its learning objectives, gives in-depth presentations, shows the techniques practical relevance in application scenarios, lists detailed references for further reading, and is finally completed by exercises that review the material presented and also challenge further, critical examinations. The overall result is a textbook that is equally suitable as a personal resource for self-directed learning and as the basis for a one-semester course on software engineering and knowledge management.

Breaking the ice for agile development of embedded software: an industry experience report

A software engineering department in a Daimler-Chrysler business unit was highly professional at developing embedded software for busses and coaches. However, customer specific add-ons were a regular source of hassle. Simple as they are, those individual requirements have to be implemented in hours or days rather than weeks or months. Poor quality or late upload into the bus hardware would cause serious cost and overhead. Established software engineering methods were considered inadequate and needed to be cut short. Agile methods offer guidance when quality, flexibility and high speed need to be reconciled. However, we did not adopt any full agile method, but added single agile practices to our process improvement toolbox. We suggested a number of classical process improvement activities (such as more systematic documentation and measurement) and combined them with agile elements (e.g. Test First Process). This combination seemed to foster acceptance of agile ideas and may help us to break the ice for a cautious extension of agile process improvement.

Experience in implementing a learning software organization

In an effort to improve software development and acquisition processes and explicitly reuse knowledge from previous software projects, DaimlerChrysler created a software experience center (SEC). The authors report on challenges the company faced in creating the SEC.

It was a bit of a race: gamification of version control

The adoption of software engineering practices cannot always be achieved by education or processes. However, social software has the potential for supporting deliberate behavior change. We present preliminary results of an experiment in which we encouraged computer science students to make more frequent commits to version control by using a social software application. We provided a web-based newsfeed of commits that also displayed a leaderboard. While we have yet to analyze the data, interviews we conducted with the participants allow for first qualitative insights.

Mutual assessment in the social programmer ecosystem: an empirical investigation of developer profile aggregators

The multitude of social media channels that programmers can use to participate in software development has given rise to online developer profiles that aggregate activity across many services. Studying members of such developer profile aggregators, we found an ecosystem that revolves around the social programmer. Developers are assessing each other to evaluate whether other developers are interesting, worth following, or worth collaborating with. They are self-conscious about being assessed, and thus manage their public images. They value passion for software development, new technologies, and learning. Some recruiters participate in the ecosystem and use it to find candidates for hiring; other recruiters struggle with the interpretation of signals and issues of trust. This mutual assessment is changing how software engineers collaborate and how they advance their skills.

Establishing experience factories at Daimler-Benz: an experience report

The experience factory concept enables systematic learning and continuous improvement in software development. As with most learning initiatives, it is hard to establish. In our experience, there is a great deal of uncertainty and skepticism about the mission and contents of an experience factory. The starting phase is especially endangered through pitfalls or unexpected delays. As expectations vary and there is pressure to demonstrate success within only a few months, tension arises which may jeopardize the entire enterprise. In the course of a large-scale software improvement program, we have established three experience factories in different environments of the Daimler-Benz AG within two years. At each site, several application projects are involved. We describe how we approached the task, what actions we took, and the lessons we learned.

LIDs: A Light-Weight Approach to Experience Elicitation and Reuse

Building common ontologies, setting up measurement programs, and conducting interviews are valid techniques to start eliciting knowledge and experience for later reuse. However, they appear too expensive and too resource-demanding in many industrial environments. This paper presents a light-weight approach to capturing important reusable material, including experiences. The LIDs approach includes defined process steps and templates to create reusable material for different kinds of users. It has emerged pragmatically from our long-standing process improvement work with different business units.

Organizational learning and experience documentation in industrial software projects

Learning from experiences in the software domain is an important issue for the DaimlerChrysler Corporation. Unfortunately, there are no textbook recipes on how a process of organizational learning can be established. In particular, those types of experiences must be identified that are potentially valuable for reuse. Furthermore, the organization and representation of such experiences must be defined in such a way that they can easily be retrieved and used for the solving of new problems. In this paper, we provide some insights that we gained during the examination of these issues in projects aiming at establishing a so-called experience factory.

Enhancing security requirements engineering by organizational learning

More and more software projects today are security-related in one way or the other. Requirements engineers without expertise in security are at risk of overlooking security requirements, which often leads to security vulnerabilities that can later be exploited in practice. Identifying security-relevant requirements is labor-intensive and error-prone. In order to facilitate the security requirements elicitation process, we present an approach supporting organizational learning on security requirements by establishing company-wide experience resources and a socio-technical network to benefit from them. The approach is based on modeling the flow of requirements and related experiences. Based on those models, we enable people to exchange experiences about security-relevant requirements while they write and discuss project requirements. At the same time, the approach enables participating stakeholders to learn while they write requirements. This can increase security awareness and facilitate learning on both individual and organizational levels. As a basis for our approach, we introduce heuristic assistant tools. They support reuse of existing experiences that are relevant for security. In particular, they include Bayesian classifiers that issue a warning automatically when new requirements seem to be security-relevant. Our results indicate that this is feasible, in particular if the classifier is trained with domain-specific data and documents from previous projects. We show how the ability to identify security-relevant requirements can be improved using this approach. We illustrate our approach by providing a step-by-step example of how we improved the security requirements engineering process at the European Telecommunications Standards Institute (ETSI) and report on experiences made in this application.