Security Alignment Analysis of Software Product Lines

Abstract

Context: Security is becoming increasingly important during software engineering. Software developers should be able to adapt and deploy secure systems in a continuously changing execution context. Method: We use Software Product Lines (SPLs), Business Process Management (BPM) and Security Requirements Engineering (SRE) techniques for anticipating the uncertainty and the changes of security requirements. Results: We provide a method to support developers to incorporate security in the design of SPLs systems. To avoid costly and extensive re-design of SPLs and BPs, we propose a methodology to analyse the strategic change impact of SPLs and BPs. The methodology supports the alignment of organizational strategy and execution level with an emphasis to security. Conclusions: This methodology constitutes a guideline to trace back the impact of change respecting security constraints of SPLs and BPs on different abstraction levels.