Presentation is loading. Please wait.

Presentation is loading. Please wait.

Capturing, Organizing, and Reusing Knowledge of NFRs: An NFR Pattern Approach Sam Supakkul 1 Tom Hill 2 Ebenezer Akin Oladimeji 3 Lawrence Chung 1 1 The.

Published byMarcus Little Modified over 9 years ago

Similar presentations

Presentation on theme: "Capturing, Organizing, and Reusing Knowledge of NFRs: An NFR Pattern Approach Sam Supakkul 1 Tom Hill 2 Ebenezer Akin Oladimeji 3 Lawrence Chung 1 1 The."— Presentation transcript:

1 Capturing, Organizing, and Reusing Knowledge of NFRs: An NFR Pattern Approach Sam Supakkul 1 Tom Hill 2 Ebenezer Akin Oladimeji 3 Lawrence Chung 1 1 The University of Texas at Dallas 2 EDS, an HP company 3 Verizon Communications

2 Security = “bad things to be prevented” * * C. Haley and B. Nuseibeh, IEEE TSE, 2008 To prevent such incident, we need to know: Meaning of credit card security? Problems suffered by TJX? Root causes of those problems? Mitigation alternatives of the problems and their causes? Choosing and developing the mitigations with consideration of other organizational needs? The TJX incident, the largest credit card theft in history

3 Difficult to get technical details from case reports The TJX case attack scenario Developed after: reading over 30 articles studying computer security educated assumptions Problem: Lack of security knowledge

4 Problem: Difficult to possess necessary NFRs related knowledge

5 A solution: Applying NFRs knowledge captured as patterns

6 Goal Pattern Name: FISMA Security Objectives Objective: refine Security Domain: Model: Known uses: FISMA, US military Goal pattern captures a definition of an NFR

7 Problem pattern Name: TJX Security Problems Domain: Objective: break Privacy[Payment card info] Model: Experiences: TJX Problem pattern captures an undesirable situation that can hurt an NFR

8 Causal Attribution Pattern Name: Unauthorized Server Access Causes Domain: Objective: make Unauthorized Access [Server] Model: Experiences: TJX Causal Attribution pattern captures causes and root causes of a problem

9 Problem classification Undesirable situation Undesirable operation Vulnerability

10 Problem mitigation classification Undesirable situation Undesirable operation Vulnerability Change environment to that with more acceptable risks Prevent the operation from being realized Prevent the operation from causing the undesirable situation Prevent/limit the effect on the goal

11 Solution Alternatives Pattern Name: Unauthorized Server Access Mitigation Domain: Objective: hurt Unauthorized access [server] Model: Experiences: Name: Masquerading User Login Mitigation Domain: Objective: break Masquerading user login Model: Experiences: Name: Clear text ID/password Mitigation Domain: Objective: break Clear text ID/password Mitigation Model: Experiences:

12 Alternatives Selection Pattern Name: Usability Driven Unauthorized Server Access Mitigation Domain: Objective: select Unauthorized Server Access Mitigation, Masquerading User Login Mitigation, Clear Text ID/Password Mitigation Model: Experiences: select

13 Result of a selection pattern project Selection Pattern Goal PatternProblem PatternCasual Pattern Alternatives Patterns

14 Requirements Pattern What are requirements?

15 Requirements Assumption Requirements Goals assignable to agents in the software-to-be [van Lamsweerde, ICSE00] Requirements “requirements that indicate what the customer needs from the system, described in terms of its effect on the environment” [Gunter, Gunter, Jackson, Zave, IEEE Software 2000] World RequirementSpecificationProgram Machine RequirementsSpecifications [R. Seater, D. Jackson, IWAAPF’06] Problem Frames

16 Requirements Pattern Name: Strong password requirements Domain: Objective: make Non-dictionary password, Frequently changed password Model: Experiences:

17 Pattern organization

18 Pattern specialization Properties Specialization of context/topic More restrictive content

19 Pattern aggregation Manual application of multiple patterns -Know which patterns to use -Know which order to apply -But flexible Pre-assembled patterns into an aggregate pattern -Ready-to-use -More cohesive knowledge -Narrower applicability

20 Pattern classification/meta-pattern [Supakkul, Hill, Oladimeji, Chung, PLoP09]

21 Pattern operations Search operation Apply operation Examples of the apply operation

22 Conclusion Contributions –Capturing and reusing different kinds of NFR knowledge using patterns –Organization of patterns along the 3 dim. Future work –More precise definition of the concepts –Tool support to verify the concepts –More case studies to validate the general applicability for other NFRs

23 Capturing, Organizing, and Reusing Knowledge of NFRs: An NFR Pattern Approach Sam Supakkul 1 Tom Hill 2 Ebenezer Akin Oladimeji 3 Lawrence Chung 1 1 The University of Texas at Dallas 2 EDS, an HP company 3 Verizon Communications

Download ppt "Capturing, Organizing, and Reusing Knowledge of NFRs: An NFR Pattern Approach Sam Supakkul 1 Tom Hill 2 Ebenezer Akin Oladimeji 3 Lawrence Chung 1 1 The."

Similar presentations

Relating Problem & Solution Structures

Relating Problem & Solution Structures
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
A UML Profile for Goal-Oriented and Use Case-Driven Representation of NFRs and FRs Sam Supakkul Titat Software LLC Lawrence Chung The.

A UML Profile for Goal-Oriented and Use Case-Driven Representation of NFRs and FRs Sam Supakkul Titat Software LLC Lawrence Chung The.
Software Project Management

Software Project Management
Auditing Concepts.

Auditing Concepts.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
July 11 th, 2005 Software Engineering with Reusable Components RiSE’s Seminars Sametinger’s book :: Chapters 16, 17 and 18 Fred Durão.

July 11 th, 2005 Software Engineering with Reusable Components RiSE’s Seminars Sametinger’s book :: Chapters 16, 17 and 18 Fred Durão.
Software Testing and Quality Assurance

Software Testing and Quality Assurance
CAP 252 Lecture Topic: Requirement Analysis Class Exercise: Use Cases.

CAP 252 Lecture Topic: Requirement Analysis Class Exercise: Use Cases.
Amirkabir University of Technology, Computer Engineering Faculty, Intelligent Systems Laboratory,Requirements Engineering Course, Dr. Abdollahzadeh 1 Requirements.

Amirkabir University of Technology, Computer Engineering Faculty, Intelligent Systems Laboratory,Requirements Engineering Course, Dr. Abdollahzadeh 1 Requirements.
Amirkabir University of Technology, Computer Engineering Faculty, Intelligent Systems Laboratory,Requirements Engineering Course, Dr. Abdollahzadeh 1 Dealing.

Amirkabir University of Technology, Computer Engineering Faculty, Intelligent Systems Laboratory,Requirements Engineering Course, Dr. Abdollahzadeh 1 Dealing.
Dealing with NFRs Vahid Jalali Amirkabir university of technology, Department of computer engineering and information technology, Intelligent systems laboratory,

Dealing with NFRs Vahid Jalali Amirkabir university of technology, Department of computer engineering and information technology, Intelligent systems laboratory,
UML exam advice. Minimal, yet sufficient UML course 80% of modeling can be done with 20% of the UML. Which 20% was that again? We’re supposed to be “Use.

UML exam advice. Minimal, yet sufficient UML course 80% of modeling can be done with 20% of the UML. Which 20% was that again? We’re supposed to be “Use.
University of Jyväskylä – Department of Mathematical Information Technology Computer Science Teacher Education ICNEE 2004 Topic Case Driven Approach for.

University of Jyväskylä – Department of Mathematical Information Technology Computer Science Teacher Education ICNEE 2004 Topic Case Driven Approach for.
Software Product Lines Krishna Anusha, Eturi. Introduction: A software product line is a set of software systems developed by a company that share a common.

Software Product Lines Krishna Anusha, Eturi. Introduction: A software product line is a set of software systems developed by a company that share a common.
Toward Component Non-functional Interoperability Analysis: A UML- based and Goal-oriented Approach Sam Supakkul and Lawrence Chung The University of Texas.

Toward Component Non-functional Interoperability Analysis: A UML- based and Goal-oriented Approach Sam Supakkul and Lawrence Chung The University of Texas.
Problems in handling NFR Term Paper (as-is) problem statement BY AJAYKUMAR ASWATHAPPA CS/SE 6361 EXECUTIVE.

Problems in handling NFR Term Paper (as-is) problem statement BY AJAYKUMAR ASWATHAPPA CS/SE 6361 EXECUTIVE.
Nary Subramanian Firmware Engineer Applied Technology Division Anritsu Company Richardson, TX. Lawrence Chung.

Nary Subramanian Firmware Engineer Applied Technology Division Anritsu Company Richardson, TX. Lawrence Chung.
SECURITY REQUIREMENT FROM PROBLEM FRAMES PERPECTIVE Fabricio Braz 01/25/08.

SECURITY REQUIREMENT FROM PROBLEM FRAMES PERPECTIVE Fabricio Braz 01/25/08.

Similar presentations

Ads by Google