安全非功能需求与建筑设计的集成:比较分析

M. Babar, Shahid Azeem, F. Arif
{"title":"安全非功能需求与建筑设计的集成:比较分析","authors":"M. Babar, Shahid Azeem, F. Arif","doi":"10.14257/ijsia.2017.11.10.05","DOIUrl":null,"url":null,"abstract":"For the last few decades, security in software has gained too much attention by the industries. Developing secure software needs to emphasis on the functional and non-functional requirements both. Functional requirements are taken into account during the early stages of development while unfortunately the non-functional requirements are either ignored or less considered which results in the high cost of maintenance after delivery of the software. This article presents a detailed and comprehensive survey with regard to the integration of security non-functional requirements into architectural design. This paper thoroughly analyzes the existing approaches which are dealing the non-functional requirements at architecture level. The architectural design can be integrated with general non-functional requirements, but the scope of this particular article is only the security related non-functional requirements. The approaches which are comprehensively described and analyzed are use case/misuse cases, goal-based analysis, scenario-based, reused-based, pattern-based, and aspect-based. We have evaluated each approach by some parameters which are described based on the existing literature and comparison has been made between the current approaches thorough proper evaluation.","PeriodicalId":46187,"journal":{"name":"International Journal of Security and Its Applications","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Integration of Security Non-Functional Requirements and Architectural Design: A Comparative Analysis\",\"authors\":\"M. Babar, Shahid Azeem, F. Arif\",\"doi\":\"10.14257/ijsia.2017.11.10.05\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"For the last few decades, security in software has gained too much attention by the industries. Developing secure software needs to emphasis on the functional and non-functional requirements both. Functional requirements are taken into account during the early stages of development while unfortunately the non-functional requirements are either ignored or less considered which results in the high cost of maintenance after delivery of the software. This article presents a detailed and comprehensive survey with regard to the integration of security non-functional requirements into architectural design. This paper thoroughly analyzes the existing approaches which are dealing the non-functional requirements at architecture level. The architectural design can be integrated with general non-functional requirements, but the scope of this particular article is only the security related non-functional requirements. The approaches which are comprehensively described and analyzed are use case/misuse cases, goal-based analysis, scenario-based, reused-based, pattern-based, and aspect-based. We have evaluated each approach by some parameters which are described based on the existing literature and comparison has been made between the current approaches thorough proper evaluation.\",\"PeriodicalId\":46187,\"journal\":{\"name\":\"International Journal of Security and Its Applications\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-10-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Security and Its Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.14257/ijsia.2017.11.10.05\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Security and Its Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14257/ijsia.2017.11.10.05","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

在过去的几十年里,软件的安全性受到了业界的太多关注。开发安全软件需要同时强调功能和非功能需求。在开发的早期阶段,功能需求被考虑在内,而不幸的是,非功能需求要么被忽视,要么被较少考虑,这导致软件交付后的维护成本很高。本文详细而全面地介绍了将安全性非功能性需求集成到架构设计中的情况。本文深入分析了现有的在体系结构层次上处理非功能需求的方法。体系结构设计可以与一般的非功能性需求集成,但本文的范围仅限于与安全相关的非功能需求。全面描述和分析的方法有用例/误用用例、基于目标的分析、基于场景的分析、重用的分析、模式的分析和方面的分析。我们根据现有文献描述的一些参数对每种方法进行了评估,并通过适当的评估对当前方法进行了比较。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Integration of Security Non-Functional Requirements and Architectural Design: A Comparative Analysis
For the last few decades, security in software has gained too much attention by the industries. Developing secure software needs to emphasis on the functional and non-functional requirements both. Functional requirements are taken into account during the early stages of development while unfortunately the non-functional requirements are either ignored or less considered which results in the high cost of maintenance after delivery of the software. This article presents a detailed and comprehensive survey with regard to the integration of security non-functional requirements into architectural design. This paper thoroughly analyzes the existing approaches which are dealing the non-functional requirements at architecture level. The architectural design can be integrated with general non-functional requirements, but the scope of this particular article is only the security related non-functional requirements. The approaches which are comprehensively described and analyzed are use case/misuse cases, goal-based analysis, scenario-based, reused-based, pattern-based, and aspect-based. We have evaluated each approach by some parameters which are described based on the existing literature and comparison has been made between the current approaches thorough proper evaluation.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
International Journal of Security and Its Applications
International Journal of Security and Its Applications COMPUTER SCIENCE, INFORMATION SYSTEMS-
自引率
0.00%
发文量
0
期刊介绍: IJSIA aims to facilitate and support research related to security technology and its applications. Our Journal provides a chance for academic and industry professionals to discuss recent progress in the area of security technology and its applications. Journal Topics: -Access Control -Ad Hoc & Sensor Network Security -Applied Cryptography -Authentication and Non-repudiation -Cryptographic Protocols -Denial of Service -E-Commerce Security -Identity and Trust Management -Information Hiding -Insider Threats and Countermeasures -Intrusion Detection & Prevention -Network & Wireless Security -Peer-to-Peer Security -Privacy and Anonymity -Secure installation, generation and operation -Security Analysis Methodologies -Security assurance -Security in Software Outsourcing -Security products or systems -Security technology -Systems and Data Security
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信