User Tools
evolving_security_requirements
Differences
This shows you the differences between two versions of the page.
|
evolving_security_requirements [2013/05/27 11:18] leminhsang.tran@unitn.it [CASE Tool] |
evolving_security_requirements [2021/01/29 11:58] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Evolving Security Requirements ====== | ||
| - | |||
| - | Requirements evolution are unavoidable for any life-long system due to changes | ||
| - | in business objectives, regulations, standards, environment or threats. In many | ||
| - | cases, these changes are not completely unknown. For instance, the ongoing | ||
| - | discussion in a standard body might feature two or three proposals, albeit | ||
| - | might not be clear which one will finally win. A possible solution to the | ||
| - | challenges of requirements evolution is to choose a good design alternative | ||
| - | that could still work when evolution happens to minimize the risk and maximize | ||
| - | the benefit. | ||
| - | |||
| - | While many approaches have been proposed to perform the management or | ||
| - | consistency checking on requirements evolution, there has been less effort on | ||
| - | delivering an explicit modeling and reasoning framework to assist decision | ||
| - | managers select a good design alternative. We need to capture what | ||
| - | Loucopoulous and Kavakli [[http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.198.2218|[ER-99]]] identified as the | ||
| - | knowledge about //"what the current state is"//, //"where the desired state | ||
| - | to-be is in the future"//, and //"alternative designs"// for the desired | ||
| - | future state. In this respect it is important to provide a sound quantitative | ||
| - | analysis, which is one of the current weaknesses identified by Dalal et al. | ||
| - | [[http://dl.acm.org/citation.cfm?id=971620|[CACM-04]]] of many existing approaches. | ||
| - | |||
| - | |||
| - | ==== The Proposed Approach ==== | ||
| - | |||
| - | We are working on a generic approach which tackles the | ||
| - | fundamental issue of modeling and reasoning about requirements evolution to aid | ||
| - | such decision making. The modeling support represents requirements evolution in | ||
| - | terms of controllable and observable rules in which probability estimates can | ||
| - | be accounted by using game-theoretic semantics. The reasoning support provides | ||
| - | three quantitative metrics to identify which requirements must be implemented | ||
| - | to guarantee the best chances of success (Max Belief) or minimize the risk of | ||
| - | wasting money (Deferral Risk and Max Disbelief). | ||
| - | |||
| - | |||
| - | ==== CASE Tool ==== | ||
| - | |||
| - | We implement our approach in a CASE tool, called UNICORN. UNICORN is an Eclipse-based tool that aims to supports the modeling and reasoning on the uncertainty of requirements evolution. The tool provides graphical constructs as well as different views of requirements evolution to assist users to model requirements evolution. The reasoning facilitates the selection of design alternative. A technical overview of the tool can be found [[http://disi.unitn.it/~tran/pmwiki/pmwiki.php/Main/Unicorn|here]]. | ||
| - | ===== People ===== | ||
| - | The following is a list of people that has been involved in the project at some point in time. | ||
| - | * [[http://disi.unitn.it/~tran|Le Minh Sang Tran]] (PhD Student) | ||
| - | * [[http://disi.unitn.it/~massacci|Fabio Massacci]] | ||
| - | |||
| - | ===== Projects ===== | ||
| - | This activity was supported by a number of project | ||
| - | * NESSOS | ||
| - | * SECURECHANGE | ||
| - | |||
| - | ===== Publications ===== | ||
| - | ===2012=== | ||
| - | * Fabio Massacci, Deepa Nagaraj, Federica Paci, Le Minh Sang Tran and Alessandra Tedeschi. //Assessing a Requirements Evolution Approach: Empirical Studies in the Air Traffic Management Domain//. In Proceeding of the International Workshop on Empirical Requirements Engineering (EmpiRE 2012), co-located with RE 2012, September 25, 2012, Chicago, Illinois, USA.{{:research_activities:security_requirements_engineering:mass-etal-empire2012.pdf|PDF}} | ||
| - | |||
| - | ===2011=== | ||
| - | * L.M.S.Tran and F.Massacci. //Dealing with Known Unknowns: Towards a Game-Theoretic Foundation for Software Requirement Evolution//. In Proceeding of the 23rd International Conference on Advanced Information Systems Engineering (CAiSE'11) London, June 2011.{{:research_activities:security_requirements_engineering:forcaise-camera.pdf|PDF}} | ||
| - | * L.M.S.Tran. //Requirement Evolution: Towards a Methodology and Framework//. In the CAiSE Doctoral Consortium 2011. London, June 2011. {{:research_activities:security_requirements_engineering:caise-dc-mst.pdf|PDF}} | ||
| - | |||
| - | ===== Talks and Tutorials ===== | ||
| - | |||
| - | ===== Software ===== | ||
evolving_security_requirements.txt ยท Last modified: 2021/01/29 10:58 (external edit)
Page Tools
