Title: Integration of Security Non-Functional Requirements and Architectural Design: A Comparative Analysis
Authors: M. Babar, Shahid Azeem, F. Arif
Journal: International Journal of Security and Its Applications
Publication date: 2017-10-31
Publication type: Journal Article
DOI: https://doi.org/10.14257/ijsia.2017.11.10.05
Citations: 0
Abstract
For the last few decades, security in software has gained a great deal of attention from industry. Developing secure software requires emphasis on both functional and non-functional requirements. Functional requirements are taken into account during the early stages of development, while the non-functional requirements are unfortunately either ignored or given less consideration, which results in a high cost of maintenance after delivery of the software. This article presents a detailed and comprehensive survey of the integration of security non-functional requirements into architectural design. It thoroughly analyzes the existing approaches that deal with non-functional requirements at the architecture level. Architectural design can be integrated with general non-functional requirements, but the scope of this article is limited to security-related non-functional requirements. The approaches described and analyzed in detail are use case/misuse case, goal-based analysis, scenario-based, reuse-based, pattern-based, and aspect-based. We have evaluated each approach against a set of parameters drawn from the existing literature, and a comparison has been made between the current approaches through proper evaluation.
About the journal:
IJSIA aims to facilitate and support research related to security technology and its applications. Our Journal provides a chance for academic and industry professionals to discuss recent progress in the area of security technology and its applications.
Journal Topics:
- Access Control
- Ad Hoc & Sensor Network Security
- Applied Cryptography
- Authentication and Non-repudiation
- Cryptographic Protocols
- Denial of Service
- E-Commerce Security
- Identity and Trust Management
- Information Hiding
- Insider Threats and Countermeasures
- Intrusion Detection & Prevention
- Network & Wireless Security
- Peer-to-Peer Security
- Privacy and Anonymity
- Secure installation, generation and operation
- Security Analysis Methodologies
- Security assurance
- Security in Software Outsourcing
- Security products or systems
- Security technology
- Systems and Data Security