SECURITY AS NON-FUNCTIONAL REQUIREMENT IN SOFTWARE ENGINEERING

Slides:

Advertisements

Similar presentations

Chapter 6 HCI in the software process. Software engineering and the design process for interactive systems Usability engineering Iterative design and.

Advertisements

Object-Oriented Analysis and Design LECTURE 3: REQUIREMENTS DISCIPLINE.

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

Chapter 11 Artificial Intelligence and Expert Systems.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

The Architecture Design Process

Chapter 6 Database Design

Requirements Analysis 5. 1 CASE b505.ppt © Copyright De Montfort University 2000 All Rights Reserved INFO2005 Requirements Analysis CASE Computer.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

OHT 3.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 The need for comprehensive software quality requirements Classification.

Chapter 9 Database Design

Creating Research proposal. What is a Marketing or Business Research Proposal? “A plan that offers ideas for conducting research”. “A marketing research.

Model-Driven User Requirements Specification using SysML Authors: Michel dos Santos Soares, Jos Vrancken Source: Journal of Software(JSW), Vol. 3, No.

S/W Project Management

Systems Analysis And Design © Systems Analysis And Design © V. Rajaraman MODULE 14 CASE TOOLS Learning Units 14.1 CASE tools and their importance 14.2.

Architecting secure software systems

ITEC224 Database Programming

Part3 Database Analysis and Design Techniques Chapter 04- Overview of Database Planning, Design and Administration Database Systems Lu Wei College of Software.

INFORMATION SYSTEMS Overview

Asset & Security Management Chapter 9. IT Asset Management (ITAM) Is the process of tracking information about technology assets through the entire asset.

Week 4 Lecture Part 3 of 3 Database Design Samuel ConnSamuel Conn, Faculty Suggestions for using the Lecture Slides.

11 C H A P T E R Artificial Intelligence and Expert Systems.

2Object-Oriented Analysis and Design with the Unified Process The Requirements Discipline in More Detail  Focus shifts from defining to realizing objectives.

Software Engineering Quality What is Quality? Quality software is software that satisfies a user’s requirements, whether that is explicit or implicit.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

An Approach To Automate a Process of Detecting Unauthorised Accesses M. Chmielewski, A. Gowdiak, N. Meyer, T. Ostwald, M. Stroiński

The Grid System Design Liu Xiangrui Beijing Institute of Technology.

OHTO -99 SOFTWARE ENGINEERING “SOFTWARE PRODUCT QUALITY” Today: - Software quality - Quality Components - ”Good” software properties.

Software quality factors

Fault Tolerance Benchmarking. 2 Owerview What is Benchmarking? What is Dependability? What is Dependability Benchmarking? What is the relation between.

Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.

Intrusion Detection Systems Paper written detailing importance of audit data in detecting misuse + user behavior 1984-SRI int’l develop method of.

Integrating FRs and NFRs: A Use Case and Goal Driven Approach Presented by Chin-Yi Tsai.

ITEC 1010 Information and Organizations Chapter V Expert Systems.

5. 2Object-Oriented Analysis and Design with the Unified Process Objectives  Describe the activities of the requirements discipline  Describe the difference.

Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University

1 Week 5 Software Engineering Fall Term 2015 Marymount University School of Business Administration Professor Suydam.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.

Security Methods and Practice CET4884

Advanced Higher Computing Science

Chapter 2 Object-Oriented Paradigm Overview

Chapter 19: Network Management

A Hierarchical Model for Object-Oriented Design Quality Assessment

Prototyping in the software process

DATA COLLECTION METHODS IN NURSING RESEARCH

Non Functional Requirements (NFRs)

Requirements Engineering Process

The Development Process of Web Applications

Object-Oriented Analysis and Design

GWE Core Grid Wizard Enterprise (

Software Quality Assurance Software Quality Factor

MCTS Guide to Microsoft Windows 7

Software Engineering (CSI 321)

Developing Information Systems

Chapter 6 Database Design

Evaluating a Real-time Anomaly-based IDS

CSC480 Software Engineering

HCI in the software process

The design process Software engineering and the design process for interactive systems Standards and guidelines as design rules Usability engineering.

The design process Software engineering and the design process for interactive systems Standards and guidelines as design rules Usability engineering.

Defining the Activities

Chapter 27 Security Engineering

Course: Module: Lesson # & Name Instructional Material 1 of 32 Lesson Delivery Mode: Lesson Duration: Document Name: 1. Professional Diploma in ERP Systems.

HCI in the software process

HCI in the software process

ONLINE SECURE DATA SERVICE

Lecture # 7 System Requirements

Human Computer Interaction Lecture 14 HCI in Software Process

Information Systems Development MIS331

UML Design for an Automated Registration System

Presentation transcript:

SECURITY AS NON-FUNCTIONAL REQUIREMENT IN SOFTWARE ENGINEERING CSC 532 TERM PAPER SECURITY AS NON-FUNCTIONAL REQUIREMENT IN SOFTWARE ENGINEERING PUNIT S VORA

What is Non- Functional Requirement (NFR)? HOW THE SYSTEM BEHAVES WITH RESPECT TO SOME OBSERVABLE ATTRIBUTES LIKE SECURITY PERFORMANCE RELIABILITY REUSABILITY PORTABILITY NEEDED FOR MODELING A COMPLETE SYSTEM AND REDUCE FUTURE MAINTENANCE COSTS

Why a Problematic Area? OFTEN REPRESENTED AS SECOND CLASS TYPE OF REQUIREMENTS FREQUENTLY NEGLECTED OR FORGOTTEN. NO COMPREHENSIVE AND FORMALLY DEFINED PROCESS AVAILABLE LIKE “USE CASES” FOR SPECIFYING FUNCTIONAL REQUIREMENTS CANNOT BE REFINED ACCURATELY FROM ABSTRACT USER REQUIREMENTS AND GOALS

CURRENT CLASSIFICATION OF NFRs 1A) QUANTITATIVE: SYSTEM PERFORMANCE, OPERATION ETC. 1B) QUALITATIVE: LOOK AND FEEL 2A) CONSUMER: EFFICIENCY AND CORRECTNESS 2B) TECHNICAL: SCOPE OR COMPLETENESS DEALING WITH NFR: A) PROCESS ORIENTED: INTEGRATE NFRs INTO DESIGN PROCESS B) PRODUCT ORIENDTED: EVALUATION OF END PRODUCTS TO CHECK IF NFR SATISFIED

PROPOSED APPROACHES FOR NFR CAPTURE AND MODELLING: Goal Graph Method: Includes non-functional requirement goals (security, performance etc.), satisficing goals (category of design decisions that may be adopted in order to satisfy one or more NFRs) and argumentation goals (formal or informal claims that provide support of counter evidence for a goal or goal refinement). 2) Performance Case: which are modeled like use cases (contains identifying information, description of action steps and links to other related information). 3) Abuse cases: A family of complete transactions between one or more actors and system that result in harm to the system or the process. It also includes a description of the range of security privileges that may be abused. 4) UMLsec: An extension to UML to specifically incorporate the security part of the NFRs. The extension is given in form of a UML profile using the standard UML extension mechanisms.

PROBLEM WITH CURRENT SECURITY MONITORING TOOLS: CLUSTER SECURITY AS A NFR: PROBLEM WITH CURRENT SECURITY MONITORING TOOLS: Cluster security is different from network security. Data from Access Logs and Intrusion Detection Systems easily overwhelm security engineer. little “security” information obtained from visualizations of raw data of a host. Don’t take advantage of the inherent visual recognition and reasoning capabilities of humans.

A SECURITY MONITORING TOOL FOR CLUSTER COMPUTING NVisionCC (CC = Cluster Computing) : A SECURITY MONITORING TOOL FOR CLUSTER COMPUTING developed by NCSA (National Center for Supercomputing Applications at UIUC) Emphasizes Situational Awareness & Visual Reasoning Visual Information Seeking Mantra (“Overview first, zoom and filter, then details on-demand”) Easily comprehensible visual interface on single screen. Alerts point to nodes where potential security breach observed.

NVisionCC: contd. implemented as an interface plug-in extension of Clumon, a cluster performance monitoring tool developed at NCSA Depends on the data collection and logging facilities of Clumon It currently includes : Process Monitor Module : tracks processes on each node Port Scanner Module : scans each node for open network ports File Integrity Module : validates identity of disk files, particularly files that hackers frequently try to alter

Basic Visualization design elements of NVisionCC : • All nodes of cluster shown on one screen: adjacent in space. • Overview of entire cluster with drill down to areas of interest and raw data details on demand at the individual node level. • Different levels of security status: critical, bad, suspicious, and normal. • Process Alert View: provides decision-making assistance by consolidating alerts from all nodes into a prioritized list. • Host Level View

HOW IT LOOKS LIKE?

Advantages of NVisionCC, Why is it good? Tailored specifically for Cluster security. Is near real-time, thus security status can be continuously monitored. Allows easy visualization with ‘deeper’ views for the select host/node among the cluster.

CONCLUSION essential to develop methods that allow the treatment of non-functional requirement in tandem with the functional requirements Cluster security is a critical non-functional requirement that has to be addressed differently from network security NVisionCC is designed effectively to monitor security on large size clusters

THANKYOU!! QUESTIONS??