Effective Systems Security Requirements in Product Line Engineering

Abstract

ABSTRACTRequirements engineering for complex software‐intensive systems (and other systems) requires identifying, specifying, analyzing, and reviewing system requirements early in the system development process. However, many cases overlook system security requirements, treating them as an afterthought during this important initial process stage. Missing security requirements for these system types cannot guarantee system integrity. It is not cost efficient to retrofit requirements at later stages to include missing security capabilities specified earlier in‐process. Detailed analysis and understanding of security requirements enable building confidentiality and integrity into our systems. Thus, early process activities must include security requirements engineering.Product Line Engineering development must guarantee system integrity and assurance for a “family of systems” borne from a common design. Hence, detailed requirements elicitation and specification is important early in the product‐line development and must include security requirements. Further, security requirements must revisit applicability, extension, and new security requirements specified to provide for security coverage of selected features contained within the product line's instances.This paper describes an approach to security requirements engineering identification and includes introducing a security profile to facilitate developing and evolving a secure product line for software‐intensive systems.