Goal-Based Requirement Engineering for Fault Tolerant Security-Critical Systems

Abstract: This paper proposes a goal-based modeling approach to develop security requirements of Security-Critical Systems (SCSs) through explicitly factoring the faults into the requirement engineering process. Our approach establishes the Security Requirement Model (SRM) of the system based on its respective Security Fault Model (SFM).We incorporate fault tolerance into the SRM through considering the partial satisfaction of security goals. The proposed approach factors this partiality into the goals by using proper m… Show more

“…Security Requirement Model (SRM) of a software is constructed by a goal-based modeling process presented in our earlier work [21]. The process starts with identification of the assets [18,27] for a software product.…”

“…Defuzzification Our employed RELAX-ation technique [21,28] needs crisp values to specify the required level of satisfaction for RELAX-ed security requirements. Hence, defuzzification is required to map the linguistic priority values of requirements into their corresponding crisp values.…”

“…For this purpose we use a RELAX-ation technique proposed in [34]. Fuzzy semantic of the RELAX statements in the technique used properly captures partiality of security requirements [21]. Equations ( 8)-( 10) demonstrate this logic.…”

“…The first process referred to as Pre Prioritization and Selection (Pre-PAS) includes modeling, description, and analysis of security requirements. The Pre-PAS process uses our previously developed security model known as Security Requirement Model (SRM) [21] to capture partiality of security requirements (goals) [16]. The second process referred to as Prioritization and Selection (PAS) process on the other hand, takes the formally described SRM of a software and its corresponding analysis results as the input and constructs the Security Requirement List (SRL) of that software.…”

“…The paper continues with an overview of our employed modeling and description technique (Section 3). Then we introduce the PAPS framework (Section 3.1) and verify its validity through applying it to an Online Banking System (OBS) [21]. The paper will be concluded in Section 4 with a summary of the work and some general remarks.…”

A fuzzy framework for prioritization and partial selection of security requirements in software projects

“…Security Requirement Model (SRM) of a software is constructed by a goal-based modeling process presented in our earlier work [21]. The process starts with identification of the assets [18,27] for a software product.…”

“…Defuzzification Our employed RELAX-ation technique [21,28] needs crisp values to specify the required level of satisfaction for RELAX-ed security requirements. Hence, defuzzification is required to map the linguistic priority values of requirements into their corresponding crisp values.…”

“…For this purpose we use a RELAX-ation technique proposed in [34]. Fuzzy semantic of the RELAX statements in the technique used properly captures partiality of security requirements [21]. Equations ( 8)-( 10) demonstrate this logic.…”

“…The first process referred to as Pre Prioritization and Selection (Pre-PAS) includes modeling, description, and analysis of security requirements. The Pre-PAS process uses our previously developed security model known as Security Requirement Model (SRM) [21] to capture partiality of security requirements (goals) [16]. The second process referred to as Prioritization and Selection (PAS) process on the other hand, takes the formally described SRM of a software and its corresponding analysis results as the input and constructs the Security Requirement List (SRL) of that software.…”

“…The paper continues with an overview of our employed modeling and description technique (Section 3). Then we introduce the PAPS framework (Section 3.1) and verify its validity through applying it to an Online Banking System (OBS) [21]. The paper will be concluded in Section 4 with a summary of the work and some general remarks.…”

A fuzzy framework for prioritization and partial selection of security requirements in software projects

Model prototype utilization in the analysis of fault tolerant control and data processing systems

Dependency-aware software release planning