The focus of the paper is on the analysis of performance effects of different security solutions modeled as aspects in UML. Aspect oriented modeling (AOM) allows software designers to isolate and separately address solutions for crosscutting concerns, which are defined as distinct UML aspect models, then are composed with the primary UML model of the system under development. For performance analysis we use techniques developed previously in the PUMA project, which take as input UML models annotated with the standard UML Profile for Schedulability, Performance and Time (SPT), and transform them first into Core Scenario Model (CSM) and then into different performance models. The contribution of this paper is in performing the composition of the aspects with the primary model at the CSM level. The input is represented by the primary model and a number of aspect models in UML+SPT, which are processed as follows: a) converted separately to CSM; b) composed into a single CSM model; c) transformed into a Layered Queueing Networks (LQN) model and d) analyzed. The proposed approach is illustrated with a case study based on two standards, TPC-W and SSL.
Abstract-Software projects are often faced with unanticipated problems caused by e.g. changes in the development environment resulting in delays or threatening the ability of the project to succeed. Managing these uncertainties is a challenging task at all phases of the development, but nevertheless crucial in controlling schedule and costs. Therefore software development risks need to be controlled as early as possible. As software development risks are not merely of technical nature it is equally important to tackle non-technical risks. The paper presents a goal-driven software development risk management model (GSRM) that takes a holistic view on development, taking both technical and non-technical development components into consideration. The focus of the paper is on how to integrate GSRM and particularly the holistic risk perspective into requirements engineering. GSRM effectively identifies and makes explicit the critical project goals (for arriving at a successful project) and the risk factors that may obstruct these goals. GSRM also helps in planning how to employ control actions for mitigating risks and by that increase the ability to meet project goals. The integrated requirements engineering risk management model has been applied to an on-going development project in a low-cost development environment (Bangladesh). The result showed it to be relatively trivial to integrate the model into requirements engineering activities and that the model did indeed contribute to the overall project success.
Abstract. Context & motivation:More and more software projects today are security-related in one way or the other. Many environments are initially not considered security-related and no security experts are assigned. Requirements engineers often fail to recognise indicators for security problems. Question/problem: Ignoring security issues early in a project is a major source of recurring security problems in practice. Identifying security-relevant requirements is labour-intensive and error-prone. Security may be neglected in order to finish on time and in budget. Principal ideas/results: In this paper, we address this problem by presenting a tool-supported method that provides assistance for requirements engineering, with an emphasis on security requirements. We investigate whether security-relevant requirements can be automatically identified with help of a Bayesian classifier. Our results indicate that this is feasible, in particular if the classifier is trained with domain specific data and documents from previous projects. Contribution: We show how the ability to identify security-relevant requirements can be integrated in a workflow of requirements analysis and reuse of experience. In practice, this can increase security awareness within the software development process. We discuss limitations and potential of this approach.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.