Agile Modeling for Security Requirements – Embedded Application Case Study
M. Upendra Kumar*, Dr. D. Sravan Kumar (1), K. Venkateswara Rao (2), A. Madhuri (3), A. V. Krishna Prasad (4), D. Shravani (5)
* Research Scholar, JNTUH, and Associate Professor, CSE, MGIT, Hyderabad, A.P., India. Email: [email protected]
(1) Principal and Professor, CSE and IT, KITE Women's College of Professional Engineering Sciences, Hyderabad, A.P. Email: [email protected]
(2) Associate Professor, Department of CSE, JNTUCEH, Hyderabad, A.P., India. Email: [email protected]
(3) M.Tech. CSE Student, JNTU Hyderabad, A.P., India. Email: [email protected]
(4) Research Scholar, S.V. University, Tirupathi, and Associate Professor, Computer Science, MIPGS, Hyderabad, A.P. Email: [email protected]
(5) Research Scholar, R.U. Kurnool, and Assistant Professor, Department of Computer Science, MIPGS, Hyderabad. Email: [email protected]
Abstract: For a software project to run in incremental cycles it must first complete a set of predecessor activities, grouped here as "Project Initiation". After initiation, agility is applied to the project in three phases: Agile Analysis, Agile Design and Agile Testing. A project that has completed the predecessor activities and then runs through these three phases is said to run in a "Microcycle". This two-step procedure is applied to real-time applications; before agile testing, model-based reviews are conducted to ensure adherence to the project's architectural guidelines.
Keywords: Micro cycle, Agility, Reviews, Security Requirements, Embedded Application.
1. Agile Modeling for Security Requirements
There are three key activities to be performed before software development starts: prespiral planning, creating the stakeholder requirements, and defining and deploying the development environment. Once these predecessor activities are complete, the project is ready to start. The project is run as a series of incremental development efforts, each expanding and elaborating on the efforts that came before; one such incremental cycle is known as a "Microcycle". The microcycle consists of three primary tasks done in sequence. First, analysis details the use cases and the system requirements to be implemented in the current microcycle. Second is microcycle design. [1-5] The last phase of the microcycle is testing; before validation testing it is common to conduct model-based reviews.
2. Project Initiation
Project Initiation is the predecessor activity that a project must complete before it can run in incremental cycles. It is about three things: setting up the team along with the development environment (team members are selected, organized and tasked), understanding what the customer needs (stakeholder requirements), and planning the project (the project plans are reviewed and updated throughout the project). [6-12] Project initiation is defined in terms of the following primary concepts.
2.1 Prespiral planning: some of its activities are performed in parallel, which implies three things: parallel activities may be done by different people, parallel activities may be done in any order with respect to each other, and in some cases a parallel activity need not be performed at all. The tasks in the prespiral planning activity include the following.
Creating the schedule: identifying the key risks and RMAs (Risk Mitigation Activities), planning the set of microcycles and the prototypes they produce, evaluating the schedule, and reworking the schedule until it is acceptable. The schedule may be estimated using approaches such as story points or use case points.
Creating the team: there is a strong correlation between the team structure and the organization of the model (the logical model). Teams are formed so that they make coherent sense, and the model is organized so that the teams can work together effectively.
Planning for reuse: the basic steps are identifying reuse needs and goals, identifying opportunities for reuse, estimating the cost of constructing reusable assets, determining which reusable assets to construct, evaluating the impact of reuse on the schedule, specifying how reusable assets will be managed, specifying how existing assets will be reused in the current project and how newly constructed reusable assets will be reused in the future, writing the reuse plan, and updating the schedule to reflect planned reuse.
Planning for risk reduction: the steps are identifying the key project hazards, quantifying hazard severity, determining the likelihood of each hazard, computing the project risks from severity and likelihood, ranking the hazards by risk, specifying RMAs for the key risks, and writing the risk management plan.
Specifying the logical architecture: also known as the project structure or model organization, this involves specifying model organization patterns and applying a checklist for the logical architecture.
Performing the initial safety and reliability analysis: the steps are identifying the hazards, quantifying each hazard in terms of likelihood and severity, computing the risks, performing an initial safety analysis with FTA (fault tree analysis), performing an initial reliability analysis with FMEA (failure modes and effects analysis), creating the initial hazard analysis, and updating the requirements to include safety and reliability requirements.
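The risk-reduction and safety-analysis steps above (quantify severity and likelihood, compute and rank the risks, assign RMAs, build an initial fault tree) can be carried out mechanically once the scales are fixed. The block below is an added example, not code from the paper or from the Harmony/ESW method: it assumes 1..5 ordinal scales for severity and likelihood, takes risk as their product, ranks a hazard register, and evaluates a small fault tree under the usual independence assumption. The register and the tree are constructed for the example; they mix security hazards (an attacker-controlled input, an open debug port) with the safety hazards the paper has in mind, since the same register and ranking serve both.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hazard record for the risk-reduction plan. Severity and likelihood are
 * scored on assumed 1..5 ordinal scales; risk is their product. */
typedef struct {
    const char *name;
    int severity;    /* 1 = negligible .. 5 = catastrophic */
    int likelihood;  /* 1 = rare .. 5 = frequent */
    int risk;        /* filled in by rank_hazards() */
    const char *rma; /* planned risk mitigation activity */
} hazard_t;

static int cmp_risk_desc(const void *a, const void *b)
{
    const hazard_t *ha = (const hazard_t *)a, *hb = (const hazard_t *)b;
    if (hb->risk != ha->risk) return hb->risk - ha->risk;
    return hb->severity - ha->severity;   /* tie-break: worse outcome first */
}

/* "Compute the project risks" and "rank the hazards in terms of risk":
 * scores every hazard and sorts the table so the highest risk comes first.
 * Returns the highest risk value (0 for an empty table). */
int rank_hazards(hazard_t *h, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        h[i].risk = h[i].severity * h[i].likelihood;
    }
    qsort(h, n, sizeof *h, cmp_risk_desc);
    return n ? h[0].risk : 0;
}

/* Minimal fault tree for the initial FTA: basic events carry a probability;
 * AND gates require all inputs, OR gates require any input. */
typedef enum { FT_BASIC, FT_AND, FT_OR } ft_kind_t;

typedef struct ft_node {
    ft_kind_t kind;
    double p;                      /* probability of a basic event */
    const struct ft_node *in[4];   /* gate inputs */
    int n_in;
} ft_node_t;

/* Probability of the event at node n, assuming independent basic events:
 * AND = product of input probabilities, OR = 1 - product of (1 - p_i). */
double ft_probability(const ft_node_t *n)
{
    if (n->kind == FT_BASIC) return n->p;
    double acc = 1.0;
    for (int i = 0; i < n->n_in; i++) {
        double pi = ft_probability(n->in[i]);
        acc *= (n->kind == FT_AND) ? pi : (1.0 - pi);
    }
    return (n->kind == FT_AND) ? acc : 1.0 - acc;
}

/* Constructed sample register (hypothetical hazards, not from the paper). */
#define N_SAMPLE 4
static hazard_t sample_register[N_SAMPLE] = {
    { "Unsigned firmware image accepted by bootloader", 5, 3, 0, "Verify image signature before flashing" },
    { "Debug UART left enabled in production units",    4, 4, 0, "Disable debug port via fuse at manufacturing" },
    { "Watchdog not serviced under peak load",          3, 2, 0, "Add timing-margin test to unit suite" },
    { "Stack overflow in radio packet parser",          5, 2, 0, "Bound-check length field; enable stack canaries" },
};

/* Ranks the sample register in place and returns the top risk (16). */
int sample_top_risk(void)
{
    return rank_hazards(sample_register, N_SAMPLE);
}

/* Constructed fault tree: "device executes attacker's command" occurs if
 * (sensor spoofed AND auth check bypassed) OR service port tampered. */
double sample_top_event_probability(void)
{
    static const ft_node_t spoof    = { FT_BASIC, 0.01,  {0}, 0 };
    static const ft_node_t bypass   = { FT_BASIC, 0.1,   {0}, 0 };
    static const ft_node_t tamper   = { FT_BASIC, 0.001, {0}, 0 };
    static const ft_node_t and_gate = { FT_AND, 0.0, { &spoof, &bypass, 0, 0 }, 2 };
    static const ft_node_t top      = { FT_OR,  0.0, { &and_gate, &tamper, 0, 0 }, 2 };
    return ft_probability(&top);   /* 0.001 + 0.001 - 0.001*0.001 = 0.001999 */
}

int main(void)
{
    int top = sample_top_risk();
    for (int i = 0; i < N_SAMPLE; i++) {
        printf("risk %2d  sev %d  lik %d  %s -> RMA: %s\n",
               sample_register[i].risk, sample_register[i].severity,
               sample_register[i].likelihood, sample_register[i].name,
               sample_register[i].rma);
    }
    printf("top risk = %d, P(top event) = %.6f\n", top, sample_top_event_probability());
    return 0;
}
```

The ranking is what feeds the "specify RMAs for key project risks" step: only the entries at the top of the sorted table need a funded mitigation in the current microcycle, and the fault-tree probability is the number the reliability requirement is later checked against.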
2.2 Developing stakeholder requirements: the tasks involved are the following.
Defining the product vision: this establishes the context of the system to be built; a checklist for the product vision is applied.
Finding and outlining stakeholder requirements: the aim is to clearly and unambiguously define the requirements the system must fulfil.
Detailing the stakeholder requirements: here the specifications are written down.
Reviewing stakeholder requirements: after the stakeholder requirements are created, the development team and the customer must agree on what is being built; a checklist for the stakeholder requirements is applied.
2.3 Defining and deploying the development environment: the tasks involved are tailoring the process, installing the development tools, configuring the development tools, initializing the development tools, and launching the development environment. Development tools include compilers, assemblers, linkers, debuggers, IDEs, modeling tools, etc.
3. Microcycle
Each incremental cycle in which the project runs is known as a "Microcycle". [13-26] A microcycle takes four to six weeks to complete and consists of three phases: Agile Analysis, Agile Design and Agile Testing.
3.1 Agile analysis: the analysis phase consists of two activities, prototype definition and object analysis (see Figure 2).
Prototype definition: this concentrates on the requirements to be realized by the current prototype, ahead of its design, implementation and validation. It is carried out at the CIM (Computation Independent Model) level of MDA (Model-Driven Architecture). It covers two to five use cases and takes one week or less to complete. The activities involved are: plan the iteration, specify the user interface (optional), detail the use case, generate system requirements, manage safety and reliability requirements (optional), use case white-box analysis, use case consistency analysis, and detail the system requirements.
3.2 Agile design: optimization and the use of design patterns optimize the system against a set of design criteria, each weighted by its criticality. A design pattern is a generalized solution to a commonly occurring problem; each pattern has four aspects: name, purpose, solution and consequences. The design phase consists of three activities.
Architectural design: design at the gross, or overall, level of optimization. The tasks involved are: primary and secondary architectural views, architectural design workflows, optimize the subsystem and component architecture, optimize the concurrency and resource management architecture, optimize the distribution architecture, optimize the safety and reliability architecture, optimize the deployment architecture, optimize the secondary architectural views, and add the architecture to the target.
Mechanistic design: this optimizes the system at the scope of a use case collaboration, that is, it applies design patterns and techniques to optimize the collaboration. The tasks involved are: understand the functionality of the collaboration to be optimized, identify and rank the design criteria, select the design pattern, apply the design pattern, and refine the scenarios.
Detailed design: this optimizes the system at the primitive element level. The tasks involved are: detailed design workflow, identify special-needs classes, optimize classes, translation, validate the optimized classes, and make the change set available.
3.3 Agile testing (implementation and validation): this uses testing concepts from Test-Driven Development, one of the agile methodologies, with several kinds of test cases (functional, quality-of-service (QoS), precondition, range, statistical, boundary, etc.) at different levels of testing. The activities in this phase are the following.
Testing workflows: formal testing, integration testing workflows and validation workflows. Unit testing consists of unit test planning and unit test execution.
Integration testing consists of continuous integration, managing the integration tests, validating and accepting changes to the baseline, and making the baseline available.
Validation testing consists of preparing for validation (first extract the tests, write the test plan and suites, then define and build the test fixtures) and validation proper (validate the prototype, then repair and rebuild).
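The test categories named above are easiest to see against a concrete embedded routine. The block below is an added example, not code from the paper or from the Harmony/ESW method: it applies precondition, range and boundary tests, in the TDD style the paper refers to, to a small frame parser whose two-byte header, 64-byte payload capacity and status codes are all assumptions made for the example. Each test function covers one category and run_unit_tests() corresponds to the unit test execution step; the range tests are the security-relevant ones, because the length byte arrives from the wire and would otherwise drive the memcpy.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FRAME_HDR_LEN     2u    /* assumed wire format: [type][payload length] */
#define FRAME_MAX_PAYLOAD 64u   /* capacity of the fixed on-device buffer (assumed) */

typedef enum {
    FRAME_OK = 0,
    FRAME_ERR_NULL,    /* precondition: NULL buffer or output */
    FRAME_ERR_SHORT,   /* precondition: fewer bytes than a header */
    FRAME_ERR_LEN      /* range: declared length exceeds capacity or received bytes */
} frame_status_t;

typedef struct {
    uint8_t type;
    uint8_t len;
    uint8_t payload[FRAME_MAX_PAYLOAD];
} frame_t;

/* Unit under test: copies one frame out of a receive buffer. The length
 * field is attacker-controlled, so it is checked against both the buffer
 * capacity and the number of bytes actually received before the memcpy. */
frame_status_t frame_parse(const uint8_t *buf, size_t n, frame_t *out)
{
    if (buf == NULL || out == NULL) return FRAME_ERR_NULL;
    if (n < FRAME_HDR_LEN) return FRAME_ERR_SHORT;
    uint8_t len = buf[1];
    if (len > FRAME_MAX_PAYLOAD) return FRAME_ERR_LEN;
    if ((size_t)len > n - FRAME_HDR_LEN) return FRAME_ERR_LEN;
    out->type = buf[0];
    out->len = len;
    memcpy(out->payload, buf + FRAME_HDR_LEN, len);
    return FRAME_OK;
}

/* Precondition tests: inputs that violate the function's contract. Returns 1 on pass. */
int test_precondition(void)
{
    frame_t f;
    uint8_t one[1] = { 0x01 };
    return frame_parse(NULL, 4, &f) == FRAME_ERR_NULL
        && frame_parse(one, sizeof one, NULL) == FRAME_ERR_NULL
        && frame_parse(one, sizeof one, &f) == FRAME_ERR_SHORT;
}

/* Range tests: declared length outside what the buffer can hold or what was received. */
int test_range(void)
{
    frame_t f;
    uint8_t oversize[FRAME_HDR_LEN + FRAME_MAX_PAYLOAD + 1];
    memset(oversize, 0xAA, sizeof oversize);
    oversize[1] = FRAME_MAX_PAYLOAD + 1;             /* claims 65 bytes, capacity is 64 */
    uint8_t truncated[4] = { 0x02, 10, 0x11, 0x22 }; /* claims 10 bytes, only 2 received */
    return frame_parse(oversize, sizeof oversize, &f) == FRAME_ERR_LEN
        && frame_parse(truncated, sizeof truncated, &f) == FRAME_ERR_LEN;
}

/* Boundary tests: exactly at the edges of the valid range. */
int test_boundary(void)
{
    frame_t f;
    uint8_t empty[FRAME_HDR_LEN] = { 0x03, 0 };      /* zero-length payload */
    uint8_t full[FRAME_HDR_LEN + FRAME_MAX_PAYLOAD];
    memset(full, 0x5A, sizeof full);
    full[0] = 0x04;
    full[1] = FRAME_MAX_PAYLOAD;                     /* exactly fills the payload buffer */
    int ok = frame_parse(empty, sizeof empty, &f) == FRAME_OK && f.len == 0;
    ok = ok && frame_parse(full, sizeof full, &f) == FRAME_OK
            && f.len == FRAME_MAX_PAYLOAD && f.payload[FRAME_MAX_PAYLOAD - 1] == 0x5A;
    /* one byte short of the declared length must be rejected, not partially copied */
    return ok && frame_parse(full, sizeof full - 1, &f) == FRAME_ERR_LEN;
}

/* Unit test execution step: 1 when every case passes, 0 otherwise. */
int run_unit_tests(void)
{
    return test_precondition() && test_range() && test_boundary();
}

int main(void)
{
    int pass = run_unit_tests();
    printf("frame_parse unit tests: %s\n", pass ? "PASS" : "FAIL");
    return pass ? 0 : 1;
}
```

Writing the three boundary cases first (empty frame, exactly full frame, one byte short) is what forces the second length check in frame_parse; a parser written against only the capacity check would pass the range test for oversize frames and still read past the received bytes on a truncated one.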
Figure 1 is the project initiation sequence diagram, with the lifelines Prespiral Plan, Stakeholder Requirements and Development Environment and the following messages:
1: Create a schedule
2: Create a team work
3: Plan for reuse
4: Plan for risk reduction
5: Specify the logical architecture
6: Perform initial safety and reliability analysis
7: Link this plan report with requirements
8: Define the product vision
9: Find and outline stakeholder requirements
10: Detail the stakeholder requirements
11: Review stakeholder requirements
12: Relate the requirements with the development environment
13: Tailor the process
14: Install the development tools
15: Configure the development tools
16: Initialize the development tools
17: Launch the development tools
Figure 1. Project initiation sequence diagram.
Refer to Figure 2 below, the microcycle phases sequence diagram, with the lifelines Agile Analysis, Agile Design and Agile Testing and the following messages:
1: Prototype definition is given
2: Do the object analysis
3: Send the report for design (optimization and use of design patterns)
4: Architectural design rules are applied for gross optimization
5: Mechanistic design rules are applied for system optimization
6: Detailed design rules are applied for optimization at the primitive element level
7: Allow for testing the design
8: Do unit testing
9: Implement integration testing
10: Apply validation testing
Figure 2. Microcycle phases sequence diagram.
Before the testing concepts are applied in the microcycle, reviews must be conducted. The steps for reviews are as follows.
Model reviews: determine the purpose of the review, prepare the material for the review, disseminate the material to the reviewers, schedule the review, have the reviewers inspect the material individually, collectively discuss the contents in the review proper, collect the work items resulting from the review, and perform those work items.
schedule, Reviewing the defect list and defect rates (quality of project), Reviewing the reuse plan, Reviewing the risk management plan.
4. Conclusions and Future Work
In this paper we discussed Agile Modeling for Security Requirements for an embedded application case study using microcycles. Future work includes designing dependable agile layered security architectures for technical solutions.
5. References
[1] Bruce Powel Douglass, Real-Time Agility: The Harmony/ESW Method for Real-Time and Embedded Systems Development, Pearson Education, Inc., June 2009, pp. 197-410.
[2] Anders Mattsson, Bjorn Lundell, Brian Lings and Brian Fitzgerald, "Linking Model-Driven Development and Software Architecture: A Case Study", IEEE Transactions on Software Engineering, vol. 35, no. 1, January-February 2009.
[3] Maria Jose Escalona and Gustavo Aragon, "NDT. A Model-Driven Approach for Web Requirements", IEEE Transactions on Software Engineering, vol. 34, no. 3, May-June 2008.
[4] Spyros T. Halkidis, Nikolaos Tsantalis, Alexander Chatzigeorgiou and George Stephanides, "Architectural Risk Analysis of Software Systems Based on Security Patterns", IEEE Transactions on Dependable and Secure Computing, vol. 5, no. 3, July-September 2008.
[5] Patrizio Pelliccione, Paola Inverardi and Henry Muccini, "CHARMY: A Framework for Designing and Verifying Architectural Specifications", IEEE Transactions on Software Engineering, vol. 35, no. 3, May-June 2009.
[6] Jan Jurjens and Yijun Yu, "Tools for Model-based Security Engineering: Models vs. Code", ASE 2007.
[7] Jan Jurjens, Jorg Schreck and Yijun Yu, "Automated Analysis of Permission-Based Security using UMLsec", The Open University, GB, and O2 (Germany), Munich.
[8] Bruce Powel Douglass, Real-Time Agility: The Harmony/ESW Method for Real-Time and Embedded Systems Development, Pearson Education, Inc., 2009, pp. 193-410.
[9] Johan Peeters, "Agile Security Requirements Engineering", independent.
[10] Hossein Keramati and Seyed-Hassan Mirian-Hosseinabadi, "Integrating Software Development Security Activities with Agile Methodologies", Sharif University of Technology, IEEE 2008.
[11] M. Siponen, R. Baskerville and T. Kuivalainen, "Extending Security in Agile Software Development Methods".
[12] Xiaocheng Ge, Richard F. Paige, Fiona A. C. Polack, Howard Chivers and Phillip J. Brooke, "Agile Development of Secure Web Applications", ICWE'06, July 11-14, ACM.
[13] Chapter 9, in "Design Approaches", pp. 133-143.
[14] David Janzen and Hossein Saiedian, "Test-Driven Development: Concepts, Taxonomy, and Future Direction", IEEE Computer Society.
[15] Lazar, B. Parv, S. Motogna, I.-G. Czibula and C.-L. Lazar, "An Agile MDA Approach for Executable UML Structured Activities", Studia Universitatis Babes-Bolyai, Informatica, vol. LII, no. 2, 2007.
[16] John Hunt, Agile Software Construction, Springer, London, 2006.
[17] Scott W. Ambler, "Executive Summary: An Agile Approach to Enterprise Architecture", Cutter Consortium Enterprise Architecture Executive Summary, vol. 7, no. 5.
[18] Noura Abbas, Andrew M. Gravell and Gary B. Wills, "Historical Roots of Agile Methods: Where did Agile Thinking Come from?", University of Southampton, UK.
[19] Tom DeMarco and Barry Boehm, "The Agile Methods Fray", Software Technologies, IEEE Computer Society, June 2002.
[20] Jim Highsmith and Alistair Cockburn, "Agile Software Development: The Business of Innovation", Software Management, ACM 2001.
[21] Barry Boehm and Richard Turner, "Using Risk to Balance Agile and Plan-Driven Methods", IEEE Computer Society, June 2003.
[22] Jaelson Castro, Manuel Kolp and John Mylopoulos, "A Requirements-Driven Software Development Methodology".
[23] Koen Yskout, Riccardo Scandariato, Bart De Win and Wouter Joosen, "Transforming Security Requirements into Architecture", Third International Conference on Availability, Reliability and Security, IEEE 2008.
[24] Meenakshi Deshmukh, "Security Requirements Engineering Process", Seminar in Information System Security Engineering, 2009.
[25] Siv Hilde Houmb, Shareeful Islam, Eric Knauss, Jan Jurjens and Kurt Schneider, "Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics and UMLsec", JRE_SR_Elicitation 2009.