Capturing, Organizing, and Reusing Knowledge of NFRs: An NFR Pattern Approach Sam Supakkul 1 Tom Hill 2 Ebenezer Akin Oladimeji 3 Lawrence Chung 1 1 The.

Presentation transcript:

Capturing, Organizing, and Reusing Knowledge of NFRs: An NFR Pattern Approach Sam Supakkul 1 Tom Hill 2 Ebenezer Akin Oladimeji 3 Lawrence Chung 1 1 The University of Texas at Dallas 2 EDS, an HP company 3 Verizon Communications

The TJX incident, the largest credit card theft in history
Security = “bad things to be prevented” (C. Haley and B. Nuseibeh, IEEE TSE, 2008)
To prevent such an incident, we need to know:
- Meaning of credit card security?
- Problems suffered by TJX?
- Root causes of those problems?
- Mitigation alternatives of the problems and their causes?
- Choosing and developing the mitigations with consideration of other organizational needs?

Problem: Lack of security knowledge
Difficult to get technical details from case reports
The TJX case attack scenario
Developed after:
- reading over 30 articles
- studying computer security
- educated assumptions

Problem: Difficult to possess necessary NFRs related knowledge

A solution: Applying NFRs knowledge captured as patterns

Goal Pattern
Name: FISMA Security Objectives
Objective: refine Security
Domain:
Model:
Known uses: FISMA, US military
Goal pattern captures a definition of an NFR

Problem pattern
Name: TJX Security Problems
Domain:
Objective: break Privacy[Payment card info]
Model:
Experiences: TJX
Problem pattern captures an undesirable situation that can hurt an NFR

Causal Attribution Pattern
Name: Unauthorized Server Access Causes
Domain:
Objective: make Unauthorized Access [Server]
Model:
Experiences: TJX
Causal Attribution pattern captures causes and root causes of a problem

Problem classification
- Undesirable situation
- Undesirable operation
- Vulnerability

Problem mitigation classification
- Undesirable situation
- Undesirable operation
- Vulnerability
- Change environment to that with more acceptable risks
- Prevent the operation from being realized
- Prevent the operation from causing the undesirable situation
- Prevent/limit the effect on the goal

Solution Alternatives Pattern

Name: Unauthorized Server Access Mitigation
Domain:
Objective: hurt Unauthorized access [server]
Model:
Experiences:

Name: Masquerading User Login Mitigation
Domain:
Objective: break Masquerading user login
Model:
Experiences:

Name: Clear text ID/password Mitigation
Domain:
Objective: break Clear text ID/password Mitigation
Model:
Experiences:

Alternatives Selection Pattern
Name: Usability Driven Unauthorized Server Access Mitigation
Domain:
Objective: select Unauthorized Server Access Mitigation, Masquerading User Login Mitigation, Clear Text ID/Password Mitigation
Model:
Experiences: select

Result of a selection pattern project
- Selection Pattern
- Goal Pattern
- Problem Pattern
- Causal Pattern
- Alternatives Patterns

Requirements Pattern What are requirements?

Requirements
Assumption
- Requirements: Goals assignable to agents in the software-to-be [van Lamsweerde, ICSE00]
- Requirements: “requirements that indicate what the customer needs from the system, described in terms of its effect on the environment” [Gunter, Gunter, Jackson, Zave, IEEE Software 2000]
[Figure labels: World, Requirement, Specification, Program, Machine]
[Figure labels: Requirements, Specifications] [R. Seater, D. Jackson, IWAAPF’06]
Problem Frames

Requirements Pattern
Name: Strong password requirements
Domain:
Objective: make Non-dictionary password, Frequently changed password
Model:
Experiences:

Pattern organization

Pattern specialization
Properties
- Specialization of context/topic
- More restrictive content

Pattern aggregation
Manual application of multiple patterns
- Know which patterns to use
- Know which order to apply
- But flexible
Pre-assembled patterns into an aggregate pattern
- Ready-to-use
- More cohesive knowledge
- Narrower applicability

Pattern classification/meta-pattern [Supakkul, Hill, Oladimeji, Chung, PLoP09]

Pattern operations
- Search operation
- Apply operation
Examples of the apply operation

Conclusion
Contributions
- Capturing and reusing different kinds of NFR knowledge using patterns
- Organization of patterns along the 3 dim.
Future work
- More precise definition of the concepts
- Tool support to verify the concepts
- More case studies to validate the general applicability for other NFRs
