作为代码的安全需求:来自VeriDevOps项目的示例

2021 IEEE 29th International Requirements Engineering Conference Workshops (REW) Pub Date : 2021-09-01 DOI:10.1109/REW53955.2021.00063

Khaled Ismaeel, A. Naumchev, A. Sadovykh, D. Truscan, Eduard Paul Enoiu, C. Seceleanu

{"title":"作为代码的安全需求:来自VeriDevOps项目的示例","authors":"Khaled Ismaeel, A. Naumchev, A. Sadovykh, D. Truscan, Eduard Paul Enoiu, C. Seceleanu","doi":"10.1109/REW53955.2021.00063","DOIUrl":null,"url":null,"abstract":"This position paper presents and illustrates the concept of security requirements as code – a novel approach to security requirements specification. The aspiration to minimize code duplication and maximize its reuse has always been driving the evolution of software development approaches. Object-Oriented programming (OOP) takes these approaches to the state in which the resulting code conceptually maps to the problem that the code is supposed to solve. People nowadays start learning to program in the primary school. On the other hand, requirements engineers still heavily rely on natural language based techniques to specify requirements. The key idea of this paper is: artifacts produced by the requirements process should be treated as input to the regular object-oriented analysis. Therefore, the contribution of this paper is the presentation of the major concepts for the security requirements as the code method that is illustrated with a real industry example from the VeriDevOps project.","PeriodicalId":393646,"journal":{"name":"2021 IEEE 29th International Requirements Engineering Conference Workshops (REW)","volume":"2008 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Security Requirements as Code: Example from VeriDevOps Project\",\"authors\":\"Khaled Ismaeel, A. Naumchev, A. Sadovykh, D. Truscan, Eduard Paul Enoiu, C. Seceleanu\",\"doi\":\"10.1109/REW53955.2021.00063\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This position paper presents and illustrates the concept of security requirements as code – a novel approach to security requirements specification. The aspiration to minimize code duplication and maximize its reuse has always been driving the evolution of software development approaches. Object-Oriented programming (OOP) takes these approaches to the state in which the resulting code conceptually maps to the problem that the code is supposed to solve. People nowadays start learning to program in the primary school. On the other hand, requirements engineers still heavily rely on natural language based techniques to specify requirements. The key idea of this paper is: artifacts produced by the requirements process should be treated as input to the regular object-oriented analysis. Therefore, the contribution of this paper is the presentation of the major concepts for the security requirements as the code method that is illustrated with a real industry example from the VeriDevOps project.\",\"PeriodicalId\":393646,\"journal\":{\"name\":\"2021 IEEE 29th International Requirements Engineering Conference Workshops (REW)\",\"volume\":\"2008 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE 29th International Requirements Engineering Conference Workshops (REW)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/REW53955.2021.00063\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 29th International Requirements Engineering Conference Workshops (REW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/REW53955.2021.00063","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

这份意见书提出并说明了安全需求作为代码的概念——一种安全需求规范的新方法。最小化代码重复和最大化代码重用的愿望一直推动着软件开发方法的发展。面向对象编程(OOP)采用这些方法，使结果代码在概念上映射到代码应该解决的问题。现在人们从小学就开始学习编程。另一方面，需求工程师仍然严重依赖基于自然语言的技术来指定需求。本文的关键思想是:需求过程产生的工件应该被视为常规面向对象分析的输入。因此，本文的贡献在于将安全性需求的主要概念作为代码方法进行了介绍，并通过VeriDevOps项目中的实际行业示例进行了说明。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Security Requirements as Code: Example from VeriDevOps Project

This position paper presents and illustrates the concept of security requirements as code – a novel approach to security requirements specification. The aspiration to minimize code duplication and maximize its reuse has always been driving the evolution of software development approaches. Object-Oriented programming (OOP) takes these approaches to the state in which the resulting code conceptually maps to the problem that the code is supposed to solve. People nowadays start learning to program in the primary school. On the other hand, requirements engineers still heavily rely on natural language based techniques to specify requirements. The key idea of this paper is: artifacts produced by the requirements process should be treated as input to the regular object-oriented analysis. Therefore, the contribution of this paper is the presentation of the major concepts for the security requirements as the code method that is illustrated with a real industry example from the VeriDevOps project.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2021 IEEE 29th International Requirements Engineering Conference Workshops (REW)

自引率

0.00%

发文量