Architecture Reasoning for Supporting Product Line Evolution: An Example on Security

Herrera, José Luis Arciniegas; Dueñas, Juan C.; Ruiz, José Antonio Camúñez; Cerón, Rodrigo; Bermejo, Jesus; Oltra, Miguel A.

doi:10.1007/978-3-540-33253-4_9

Cited by 10 publications

(16 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The ''Architecture reasoning for supporting SPL evolution" approach of Arciniegas et al [3] proposes a new process to support SPL evolution which involves architecture recovery and conformance methods and a set of techniques and tools to support them. The authors also present a case study dealing with non-functional security requirements in distributed environments through which to create a reference architecture.…”

Section: Related Workmentioning

confidence: 99%

“…The few recent proposals which deal with security in SPLs, such as [3,16], focus mainly on the design of implementation aspects of SPL development or include only a few security requirements activities. After analysing the most relevant current ''generic" security requirements related proposals in [44], we can conclude that none of them are either sufficiently specific or are tailored to the SPL development paradigm.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security requirements engineering framework for software product lines

Mellado¹,

Fernández‐Medina

Piattini

2010

Information and Software Technology

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Security requirements engineering framework for software product lines

Mellado¹,

Fernández‐Medina

Piattini

2010

Information and Software Technology

View full text Add to dashboard Cite

“…On the other hand, there are approaches focused on the security as a use case, such as in [36] and the methodology SecPL [37] is proposed to specify the security requirements and product-line variability. These are annotated in the design model of any system.…”

Section: Cybersecurity and Software Product Linesmentioning

confidence: 99%

CyberSPL: A Framework for the Verification of Cybersecurity Policy Compliance of System Configurations Using Software Product Lines

et al. 2019

View full text Add to dashboard Cite

Cybersecurity attacks affect the compliance of cybersecurity policies of the organisations. Such disadvantages may be due to the absence of security configurations or the use of default configuration values of software products and systems. The complexity in the configuration of products and systems is a known challenge in the software industry since it includes a wide range of parameters to be taken into account. In other contexts, the configuration problems are solved using Software Product Lines. This is the reason why in this article the framework Cybersecurity Software Product Line (CyberSPL) is proposed. CyberSPL is based on a methodology to design product lines to verify cybersecurity policies according to the possible configurations. The patterns to configure the systems related to the cybersecurity aspects are grouped by defining various feature models. The automated analysis of these models allows us to diagnose possible problems in the security configurations, reducing or avoiding them. As support for this proposal, a multi-user and multi-platform solution has been implemented, enabling setting a catalogue of public or private feature models. Moreover, analysis and reasoning mechanisms have been integrated to obtain all the configurations of a model, to detect if a configuration is valid or not, including the root cause of problems for a given configuration. For validating the proposal, a real scenario is proposed where a catalogue of four different feature models is presented. In this scenario, the models have been analysed, different configurations have been validated, and several configurations with problems have been diagnosed.

show abstract

“…For example, reverse engineering tools are used to automatically create architectural and other models based on code. This is especially useful in the context of open source software that is seldom accompanied by detailed design models [2]. The capabilities of reverse engineering tools to generate product line models with explicitly defined variability from application code are limited partly because much of the variability has typically been resolved by the time the code has been created.…”

Section: Machine To Human Communicationmentioning

confidence: 99%

“…Open-source UML tools are not yet as mature as their commercial counterparts are but they have reached a sufficient maturity level to benefit small and medium sized businesses [26]. We chose the two tools for evaluation because they (1) are available for Macintosh, Linux and Windows operating systems, (2) are not too expensive for a large company to deploy for even thousands of users, (3) support SysML, and (4) provide version management features. These four criteria are adequate to simulate a situation where a large company is looking for a UML modeling tool for organization-wide use by both systems and software architects, designers, and other stakeholders.…”

Section: Using the Framework To Evaluate Two Commercial Uml Modeling mentioning

confidence: 99%

Framework for Evaluating the Version Management Capabilities of a Class of UML Modeling Tools from the Viewpoint of Multi-Site, Multi-Partner Product Line Organizations

Koivulahti-Ojala

Käkölä

2010

2010 43rd Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

UML models are widely used in software product line engineering for activities such as modeling the software product line reference architecture, detailed design, and automation of software code generation and testing. But in high-tech companies, modeling activities are typically distributed across multiple sites and involve multiple partners in different countries, thus complicating model management. Today's UML modeling tools support sophisticated version management for managing parallel and distributed modeling. However, the literature does not provide a comprehensive set of industrial-level criteria to evaluate the version management capabilities of UML tools. This article's contribution is a framework for evaluating the version management features of UML modeling tools for multi-site, multi-partner software product line organizations.

show abstract

Architecture Reasoning for Supporting Product Line Evolution: An Example on Security

Cited by 10 publications

References 33 publications

Security requirements engineering framework for software product lines

Security requirements engineering framework for software product lines

CyberSPL: A Framework for the Verification of Cybersecurity Policy Compliance of System Configurations Using Software Product Lines

Framework for Evaluating the Version Management Capabilities of a Class of UML Modeling Tools from the Viewpoint of Multi-Site, Multi-Partner Product Line Organizations

Contact Info

Product

Resources

About