SECURITY REQUIREMENTS IN SOFTWARE PRODUCT LINES

Daniel Mellado; Eduardo Fernández-Medina; Mario Piattini

doi:10.5220/0001922804420449

SECURITY REQUIREMENTS IN SOFTWARE PRODUCT LINES

Daniel Mellado, Eduardo Fernández-Medina, Mario Piattini

2008

Abstract

Proper analysis and understanding of security requirements are important because they help us to discover any security or requirement defects or mistakes in the early stages of development. Hence, security requirements engineering is both a central task and a critical success factor in product line development due to the complexity and extensive nature of product lines. However, most of the current product line practices in requirements engineering do not adequately address security requirements engineering. Therefore, in this paper we will propose a security quality requirements engineering process (SREPPLine) driven by security standards and based on a security requirements decision model along with a security variability model to manage the variability of the artefacts related to security requirements. The aim of this approach is to deal with security requirements from the early stages of the product line development in a systematic way, in order to facilitate conformance with the most relevant security standards with regard to the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

Download

Paper Citation

in Harvard Style

Mellado D., Fernández-Medina E. and Piattini M. (2008). SECURITY REQUIREMENTS IN SOFTWARE PRODUCT LINES . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008) ISBN 978-989-8111-59-3, pages 442-449. DOI: 10.5220/0001922804420449

in Bibtex Style

@conference{secrypt08,
author={Daniel Mellado and Eduardo Fernández-Medina and Mario Piattini},
title={SECURITY REQUIREMENTS IN SOFTWARE PRODUCT LINES},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)},
year={2008},
pages={442-449},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001922804420449},
isbn={978-989-8111-59-3},
}

in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)
TI - SECURITY REQUIREMENTS IN SOFTWARE PRODUCT LINES
SN - 978-989-8111-59-3
AU - Mellado D.
AU - Fernández-Medina E.
AU - Piattini M.
PY - 2008
SP - 442
EP - 449
DO - 10.5220/0001922804420449