{"title":"Enforcing Security and Privacy via a Cooperation of Security Experts and Software Engineers: A Model-Based Vision","authors":"Marcus Hilbrich, Markus Frank","doi":"10.1109/SC2.2017.43","DOIUrl":null,"url":null,"abstract":"In an early phase of a software development process (requirement analysis), functional and non-function requirements are gathered. While a lot of research has been done on how to bring functional requirements into the software, non-functional requirements are still challenging. One of the reasons is that non-functional requirements are often hard to measure and hard to test. Unfortunately, security, privacy, and data protections are such non-functional requirements. To make things even more complicate, software engineering is a social process. This means multiple parties (i.e., security experts, software architects, and programmers) have to work together, which will result unavoidable in misunderstandings and misinterpretation. Therefore, it is often not clear if security concerns are implemented correctly, or have been at least formalized correctly for later implementation during the requirement analysis. This paper is a discussion starter, on how to overcome communication-based problems, ensure that security concerns are implemented correctly, and how to avoid software erosion that later on breaks security concerns. Therefore, we discuss strategies which combine security concepts with software engineering methods by the intensive use of models. Such models are already used in academia and even in industry. We recommend to use models more often, more intensive, and for more concerns.","PeriodicalId":188326,"journal":{"name":"2017 IEEE 7th International Symposium on Cloud and Service Computing (SC2)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE 7th International Symposium on Cloud and Service Computing (SC2)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SC2.2017.43","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
Abstract
In an early phase of a software development process (requirement analysis), functional and non-function requirements are gathered. While a lot of research has been done on how to bring functional requirements into the software, non-functional requirements are still challenging. One of the reasons is that non-functional requirements are often hard to measure and hard to test. Unfortunately, security, privacy, and data protections are such non-functional requirements. To make things even more complicate, software engineering is a social process. This means multiple parties (i.e., security experts, software architects, and programmers) have to work together, which will result unavoidable in misunderstandings and misinterpretation. Therefore, it is often not clear if security concerns are implemented correctly, or have been at least formalized correctly for later implementation during the requirement analysis. This paper is a discussion starter, on how to overcome communication-based problems, ensure that security concerns are implemented correctly, and how to avoid software erosion that later on breaks security concerns. Therefore, we discuss strategies which combine security concepts with software engineering methods by the intensive use of models. Such models are already used in academia and even in industry. We recommend to use models more often, more intensive, and for more concerns.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
