Design and use of software architectures: adopting and evolving a product-line approach
Design and use of software architectures: adopting and evolving a product-line approach
Requirements Engineering: Processes and Techniques
Requirements Engineering: Processes and Techniques
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Using Abuse Case Models for Security Requirements Analysis
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
A CC-based Security Engineering Process Evaluation Model
COMPSAC '03 Proceedings of the 27th Annual International Conference on Computer Software and Applications
Security-Critical System Development with Extended Use Cases
APSEC '03 Proceedings of the Tenth Asia-Pacific Software Engineering Conference Software Engineering Conference
Eliciting security requirements with misuse cases
Requirements Engineering
Software Product Line Engineering: Foundations, Principles and Techniques
Software Product Line Engineering: Foundations, Principles and Techniques
Requirements Management for Product Lines: Extending Professional Tools
SPLC '06 Proceedings of the 10th International on Software Product Line Conference
Secure-System Design Methods: Evolution and Future Directions
IT Professional
Goal and scenario based domain requirements analysis environment
Journal of Systems and Software - Special issue: Selected papers from the 11th Asia Pacific software engineering conference (APSEC 2004)
Software Product Lines: Research Issues in Engineering and Management
Software Product Lines: Research Issues in Engineering and Management
Integrating Security and Software Engineering: Advances and Future Visions
Integrating Security and Software Engineering: Advances and Future Visions
Computer Standards & Interfaces
Computer Standards & Interfaces
Automatic translation form requirements model into use cases modeling on UML
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part III
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III
A systematic review of security requirements engineering
Computer Standards & Interfaces
Security requirements engineering framework for software product lines
Information and Software Technology
The importance of documentation, design and reuse in risk management for SPL
Proceedings of the 28th ACM International Conference on Design of Communication
Information technology standards: a viable solution to reach the performance
NNECFSIC'12 Proceedings of the 12th WSEAS international conference on Neural networks, fuzzy systems, evolutionary computing & automation
| Hi-index | 0.00 |
Security and requirements engineering are one of the most important factors of success in the development of a software product line due to the complexity and extensive nature of them, given that a weakness in security can cause problems throughout the products of a product line. The main contribution of this work is that of providing a security standard-based process for software product line development, which is an add-in of activities in the domain engineering. This process deals with security requirements from the early stages of the product line lifecycle in a systematic and intuitive way especially adapted for product line based development. It is based on the use of the latest security requirements techniques, together with the integration of the Common Criteria (ISO/IEC 15408) and the ISO/IEC 17799 controls into the product line lifecycle. Additionally, it deals with security artefacts variability and traceability, providing us with a Security Core Assets Repository. Moreover, it facilitates the conformance to the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 17799. Finally, we will illustrate our proposed process by describing part of a real case study, as a preliminary validation of it.