Security and requirements engineering are two of the most important factors of success in the development of a software product line (SPL) due to the complexity and extensive nature of them, given that a weakness in security can cause problems throughout the products of a product line. Goal-driven security requirements engineering approaches, such as Secure Tropos, have been proposed in the literature as a suitable paradigm for elicitation of security requirements and their analysis on both a social and a technical dimension. Nevertheless, on one hand, goal-driven security requirements engineering methodologies are not appropriately tailored to the specific demands of SPL, while on the other hand specific proposals of SPL engineering have traditionally ignored security requirements. This paper presents work that fills this gap by proposing “SecureTropos-SPL” framework, an extension to Secure Tropos to support SPL security requirements engineering which is based on security goals and driven by security risks.
Bibliographical note© 2014. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/
- Security requirements
- Product lines
- Requirements engineering
- Security requirement engineering
- Secure Tropos