Injecting security as aspectable NFR into Software Architecture

14th Asia-Pacific Software Engineering Conference (APSEC'07) Pub Date : 2007-12-04 DOI:10.1109/APSEC.2007.65

H. Bagheri

{"title":"Injecting security as aspectable NFR into Software Architecture","authors":"H. Bagheri","doi":"10.1109/APSEC.2007.65","DOIUrl":null,"url":null,"abstract":"Complexity of the software development process is often increased by actuality of crosscutting concerns in software requirements; moreover, software security as a particular non-functional requirement of software systems is often addressed late in the software development process. Modeling and analyzing of these concerns and especially security in the software architecture facilitate detecting architectural vulnerabilities, decrease costs of the software maintenance, and reduce finding tangled and complex components in the ultimate design. Aspect oriented ADLs have emerged to overcome this problem; however, imposing radical changes to existing architectural modeling methods is not easily acceptable by architects. In this paper, we present a method to enhance conventional software architecture description languages through utilization of aspect features with special focuses on security. To achieve the goal, aspectable NFRs have been clarified; then, for their description in the software architecture, an extension to xADL 2.0 [E.M. Dashofy, 2005] has been proposed; finally, we illustrate this material along with a case study.","PeriodicalId":273688,"journal":{"name":"14th Asia-Pacific Software Engineering Conference (APSEC'07)","volume":"82 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"14th Asia-Pacific Software Engineering Conference (APSEC'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APSEC.2007.65","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

Complexity of the software development process is often increased by actuality of crosscutting concerns in software requirements; moreover, software security as a particular non-functional requirement of software systems is often addressed late in the software development process. Modeling and analyzing of these concerns and especially security in the software architecture facilitate detecting architectural vulnerabilities, decrease costs of the software maintenance, and reduce finding tangled and complex components in the ultimate design. Aspect oriented ADLs have emerged to overcome this problem; however, imposing radical changes to existing architectural modeling methods is not easily acceptable by architects. In this paper, we present a method to enhance conventional software architecture description languages through utilization of aspect features with special focuses on security. To achieve the goal, aspectable NFRs have been clarified; then, for their description in the software architecture, an extension to xADL 2.0 [E.M. Dashofy, 2005] has been proposed; finally, we illustrate this material along with a case study.

查看原文本刊更多论文

将安全性作为可考虑的NFR注入到软件架构中

软件开发过程的复杂性常常因软件需求中横切关注点的现实而增加;此外，软件安全性作为软件系统的一种特殊的非功能性需求，通常在软件开发过程的后期才得到解决。建模和分析这些关注点，特别是软件体系结构中的安全性，有助于检测体系结构漏洞，降低软件维护成本，并减少在最终设计中发现纠缠和复杂的组件。面向方面的adl的出现就是为了克服这个问题;然而，对现有的体系结构建模方法进行根本性的改变并不容易被架构师所接受。本文提出了一种利用方面特征来增强传统软件体系结构描述语言的方法，并特别关注安全性。为实现这一目标，已澄清了可考虑的非自然灾害;然后，对于它们在软件体系结构中的描述，xADL 2.0的扩展[E.M.]Dashofy, 2005]已经提出;最后，我们将通过案例研究来说明这些材料。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

14th Asia-Pacific Software Engineering Conference (APSEC'07)

自引率

0.00%

发文量