Integration of Security Non-Functional Requirements and Architectural Design: A Comparative Analysis

M. Babar, Shahid Azeem, F. Arif
International Journal of Security and Its Applications, published 2017-10-31. DOI: 10.14257/ijsia.2017.11.10.05 (https://doi.org/10.14257/ijsia.2017.11.10.05)
Citation count: 0

Abstract

For the last few decades, security in software has gained a great deal of attention from industry. Developing secure software requires emphasis on both functional and non-functional requirements. Functional requirements are taken into account during the early stages of development, while unfortunately the non-functional requirements are either ignored or given less consideration, which results in a high cost of maintenance after delivery of the software. This article presents a detailed and comprehensive survey of the integration of security non-functional requirements into architectural design. It thoroughly analyzes the existing approaches that deal with non-functional requirements at the architecture level. Architectural design can be integrated with general non-functional requirements, but the scope of this article is limited to security-related non-functional requirements. The approaches described and analyzed are use case/misuse case, goal-based analysis, scenario-based, reuse-based, pattern-based, and aspect-based. We have evaluated each approach against parameters drawn from the existing literature, and a comparison has been made between the current approaches through proper evaluation.
Source journal: International Journal of Security and Its Applications (Computer Science, Information Systems)
Journal description: IJSIA aims to facilitate and support research related to security technology and its applications. The journal provides a chance for academic and industry professionals to discuss recent progress in the area of security technology and its applications. Journal topics: Access Control; Ad Hoc & Sensor Network Security; Applied Cryptography; Authentication and Non-repudiation; Cryptographic Protocols; Denial of Service; E-Commerce Security; Identity and Trust Management; Information Hiding; Insider Threats and Countermeasures; Intrusion Detection & Prevention; Network & Wireless Security; Peer-to-Peer Security; Privacy and Anonymity; Secure installation, generation and operation; Security Analysis Methodologies; Security assurance; Security in Software Outsourcing; Security products or systems; Security technology; Systems and Data Security