IDEAS09: Aplicando un Proceso de Ingeniería de Requisitos de Seguridad de Dominio para Líneas de Producto Software (IDEAS09: Applying a Security Domain Requirements Engineering Process for Software Product Lines)

Daniel Mellado (Daniel.Mellado@uclm.es), Eduardo Fernández-Medina (Eduardo.FdezMedina@uclm.es), Mario Piattini (Mario.Piattini@uclm.es)


Universidad de Castilla-La Mancha, Spain
This paper appears in: Revista IEEE América Latina

Publication Date: July 2008
Volume: 6, Issue: 3
ISSN: 1548-0992


Abstract:
Security requirements management is especially important in software product lines, because a security weakness or breach can cause problems in every product of the line. The main contribution of this work is to illustrate, by describing part of a real case study, a guided, systematic and intuitive way of dealing with security requirements from the early stages of the product line lifecycle by applying our proposed security requirements engineering process for software product lines (SREPPLine), which eases the management of variability and reusability as well as of the traceability relations of the security requirements in the product line. The process is based on the latest security requirements techniques, together with the integration of the Common Criteria (ISO/IEC 15408) and the ISO/IEC 27001 controls, so that it facilitates the conformance of the product line and its products to the most relevant security standards for the management of security requirements, such as ISO/IEC 27001 and ISO/IEC 15408.

Index Terms:
Requirements engineering, security requirements, product lines, Common Criteria, ISO/IEC 27001.

