ABSTRACT
A recurring problem in software engineering is ensuring sufficient completeness of requirements specifications with economically justifiable effort. Formulating precise quality requirements, and especially security requirements, is laborious, as they depend on many stakeholders and technological aspects that are often unclear in early project phases. Threats that may have a severe impact on the software product are sometimes not even known. One approach to tackle this situation is reusing quality requirements, because they are to a high degree similar in different software products. The effect can be higher quality while at the same time saving time and budget.
Quality models are a way to explicitly specify quality. Based on activity-based quality models, an approach for specifying reusable quality requirements in early project phases is proposed that also allows a direct derivation of suitable quality requirements for new projects. The applicability of this approach and the resulting reuse potential are investigated in a case study, which concentrates on the security requirements of six industrial projects.
Index Terms
- Reusing security requirements using an extended quality model