Monitoring and Diagnosing Malicious Attacks with Autonomic Software
ER '09 Proceedings of the 28th International Conference on Conceptual Modeling
Gathering current knowledge about quality evaluation in software product lines
Proceedings of the 13th International Software Product Line Conference
Reusing security requirements using an extended quality model
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Security requirements engineering framework for software product lines
Information and Software Technology
| Hi-index | 0.00 |
Software product line engineering has proven to be one of the most successful paradigms for developing a diversity of similar software applications and software-intensive systems at low costs, in short time, and with high quality, by exploiting commonalities and variabilities among products to achieve high levels of reuse. At the same time, due to the complexity and extensive nature of product line development, security and requirements engineering are critical success factors in the development of a software product line. However, most of the current product line practices in requirements engineering do not adequately address the security requirements engineering. Therefore, in this paper we will propose a security requirements decision model driven by security standards along with a security variability model to manage the variability of the security requirements related artefacts. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate the conformance to the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.