Impact evaluation for quality-oriented architectural decisions regarding evolvability
ECSA'10 Proceedings of the 4th European conference on Software architecture
Problem-solution mapping for forward and reengineering on architectural level
Proceedings of the 12th International Workshop on Principles of Software Evolution and the 7th annual ERCIM Workshop on Software Evolution
Hi-index | 0.00 |
Security requirements strongly influence the architectural design of complex IT systems in a similar way as other non-functional requirements. Both security engineering as well as software engineering provide methods to deal with such requirements. However, there is still a critical gap concerning the integration of the methods of these separate fields. In this paper we close this gap with respect to security requirements by proposing a method that combines software engineering approaches with state-of-the-art security engineering principles. This method establishes an explicit alignment between the non-functional goal, the principles in the field of security engineering, and the implementation of a security architecture. The method aims at designing a system's security architecture based on a small, precisely defined, and application-specific trusted computing base. We illustrate this method by means of a case study which describes distributed enterprise resource planning systems using web services to implement business processes across company boundaries.