Thein Than Tun

An NFR Pattern Approach to Dealing with NFRs

Non-functional requirements (NFRs), such as security and cost, are generally subjective and oftentimes synergistic or conflicting with each other. Properly dealing with such NFRs requires a large body of knowledge – goals to be achieved, problems or obstacles to be avoided, alternative solutions to mitigate the problems, and the best compromising alternative solution to be selected. However, few patterns exist for dealing with these kinds of knowledge of NFRs. In this paper, we present four kinds of NFR patterns for capturing and reusing knowledge of NFRs – objective pattern, problem pattern, alternatives pattern and selection pattern. NFR patterns may be visually represented, and organized by rules of specialization to create more specific patterns, of composition to build larger patterns, and of instantiation to create new patterns using existing patterns as templates. We have applied the NFR pattern approach to the TJX incident, one of the largest credit card theft in history, as a realistic case study.

Separation of concerns in feature diagram languages: A systematic survey

The need for flexible customization of large feature-rich software systems, according to requirements of various stakeholders, has become an important problem in software development. Among the many software engineering approaches dealing with variability management, the notion of Software Product Line (SPL) has emerged as a major unifying concept. Drawing from established disciplines of manufacturing, SPL approaches aim to design repertoires of software artifacts, from which customized software systems for specific stakeholder requirements can be developed. A major difficulty SPL approaches attempt to address is the modularization of software artifacts, which reconciles the users needs for certain features and the development and technical constraints. Towards this end, many SPL approaches use feature diagrams to describe possible configurations of a feature set. There have been several proposals for feature diagram languages with varying degrees of expressiveness, intuitiveness, and precision. However, these feature diagram languages have limited scalability when applied to realistic software systems. This article provides a systematic survey of various concerns of feature diagrams and ways in which concerns have been separated. The survey shows how the uncertainty in the purpose of feature diagram languages creates both conceptual and practical limitations to scalability of those languages.

Model-Based Argument Analysis for Evolving Security Requirements

Software systems are made to evolve in response to changes in their contexts and requirements. As the systems evolve, security concerns need to be analysed in order to evaluate the impact of changes on the systems. We propose to investigate such changes by applying a meta-model of evolving security requirements, which draws on requirements engineering approaches, security analysis, argumentation and software evolution. In this paper, we show how the meta-model can be instantiated using a formalism of temporal logic, called the Event Calculus. The main contribution is a model based approach to argument analysis, supported by a tool which generates templates for formal descriptions of the evolving system. We apply our approach to several examples from an Air Traffic Management case study.

Automated analysis of security requirements through risk-based argumentation

Included definition of premises.Adjusted the metamodel according to the Toulmin-style arguments.Revised the examples according to the changed metamodel.Added descriptions to Figs. 7 and 8.Fixed typos and improved the language. Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about attacks, and constraints on organisational resources. In our earlier work on RISA (RIsk assessment in Security Argumentation), we showed that informal risk assessment can complement the formal analysis of security requirements. In this paper, we integrate the formal and informal assessment of security by proposing a unified meta-model and an automated tool for supporting security argumentation called OpenRISA. Using a uniform representation of risks and arguments, our automated checking of formal arguments can identify relevant risks as rebuttals to those arguments, and identify mitigations from publicly available security catalogues when possible. As a result, security engineers are able to make informed and traceable decisions about the security of their computer-based systems. The application of OpenRISA is illustrated with examples from a PIN Entry Device case study.

Requirements-driven adaptive digital forensics

We propose the use of forensic requirements to drive the automation of a digital forensics process. We augment traditional reactive digital forensics processes with proactive evidence collection and analysis activities, and provide immediate investigative suggestions before an investigation starts. These activities adapt depending on suspicious events, which in turn might require the collection and analysis of additional evidence. The reactive activities of a traditional digital forensics process are also adapted depending on the investigation findings.

Specifying and detecting meaningful changes in programs

Software developers are often interested in particular changes in programs that are relevant to their current tasks: not all changes to evolving software are equally important. However, most existing differencing tools, such as diff, notify developers of more changes than they wish to see. In this paper, we propose a technique to specify and automatically detect only those changes in programs deemed meaningful, or relevant, to a particular development task. Using four elementary annotations on the grammar of any programming language, namely Ignore, Order, Prefer and Scope, developers can specify, with limited effort, the type of change they wish to detect. Our algorithms use these annotations to transform the input programs into a normalised form, and to remove clones across different normalised programs in order to detect non-trivial and relevant differences. We evaluate our tool on a benchmark of programs to demonstrate its improved precision compared to other differencing approaches.

Privacy arguments: Analysing selective disclosure requirements for mobile applications

Privacy requirements for mobile applications offer a distinct set of challenges for requirements engineering. First, they are highly dynamic, changing over time and locations, and across the different roles of agents involved and the kinds of information that may be disclosed. Second, although some general privacy requirements can be elicited a priori, users often refine them at runtime as they interact with the system and its environment. Selectively disclosing information to appropriate agents is therefore a key privacy management challenge, requiring carefully formulated privacy requirements amenable to systematic reasoning. In this paper, we introduce privacy arguments as a means of analysing privacy requirements in general and selective disclosure requirements (that are both content- and context-sensitive) in particular. Privacy arguments allow individual users to express personal preferences, which are then used to reason about privacy for each user under different contexts. At runtime, these arguments provide a way to reason about requirements satisfaction and diagnosis. Our proposed approach is demonstrated and evaluated using the privacy requirements of BuddyTracker, a mobile application we developed as part of our overall research programme.

Evolution of security engineering artifacts: a state of the art survey

Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research.

Requirements-driven mediation for collaborative security

Security is concerned with the protection of assets from intentional harm. Secure systems provide capabilities that enable such protection to satisfy some security requirements. In a world increasingly populated with mobile and ubiquitous computing technology, the scope and boundary of security systems can be uncertain and can change. A single functional component, or even multiple components individually, are often insufficient to satisfy complex security requirements on their own. Adaptive security aims to enable systems to vary their protection in the face of changes in their operational environment. Collaborative security, which we propose in this paper, aims to exploit the selection and deployment of multiple, potentially heterogeneous, software-intensive components to collaborate in order to meet security requirements in the face of changes in the environment, changes in assets under protection and their values, and the discovery of new threats and vulnerabilities. However, the components that need to collaborate may not have been designed and implemented to interact with one another collaboratively. To address this, we propose a novel framework for collaborative security that combines adaptive security, collaborative adaptation and an explicit representation of the capabilities of the software components that may be needed in order to achieve collaborative security. We elaborate on each of these framework elements, focusing in particular on the challenges and opportunities afforded by (1) the ability to capture, represent, and reason about the capabilities of different software components and their operational context, and (2) the ability of components to be selected and mediated at runtime in order to satisfy the security requirements. We illustrate our vision through a collaborative robotic implementation, and suggest some areas for future work.

Separating Concerns in Feature Models: Retrospective and Support for Multi-Views

Feature models (FMs) are a popular formalism to describe the commonality and variability of a set of assets in a software product line (SPL). SPLs usually involve large and complex FMs that describe thousands of features whose legal combinations are governed by many and often complex rules. The size and complexity of these models is partly explained by the large number of concerns considered by SPL practitioners when managing and configuring FMs. In this chapter, we first survey concerns and their separation in FMs, highlighting the need for more modular and scalable techniques. We then revisit the concept of view as a simplified representation of an FM. We finally describe a set of techniques to specify, visualise and verify the coverage of a set of views. These techniques are implemented in complementary tools providing practical support for feature-based configuration and large-scale management of FMs.