TSSR: A Proposed Tool for Secure Software Requirement Management

Full Text (PDF, 366KB), PP.1-11


Author(s)

Mohammad Ubaidullah Bokhari 1,* Shams Tabrez Siddiqui 1

1. Department of Computer Science, Aligarh Muslim University, Aligarh, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijitcs.2015.01.01

Received: 20 Mar. 2014 / Revised: 5 Jul. 2014 / Accepted: 2 Oct. 2014 / Published: 8 Dec. 2014

Index Terms

Software Development, Requirement Management Tools, Secure Software Requirement Management, Risk Analysis, Encrypted Database and Traceability

Abstract

This paper provides a unified framework in which the entire design of a project can be captured right from the beginning of software development. It discusses the requirements that should be included in the development of requirement management tools. Based on the requirements criteria discussed, we introduce a requirement management tool known as TSSR (Tool for Secure Software Requirement). This tool manages risk analysis, system requirements, security of the system and project, user/group restrictions, an encrypted database, traceability, and extension of the tool to interact with external requirement management tools. The aim of this paper is to describe the TSSR framework and its four components, Planner, Modeller, Prover and Documenter, which will be helpful in interacting and managing requirements with an arbitrary number of external tools for secure software development.

Cite This Paper

Mohammad Ubaidullah Bokhari, Shams Tabrez Siddiqui, "TSSR: A Proposed Tool for Secure Software Requirement Management", International Journal of Information Technology and Computer Science (IJITCS), vol.7, no.1, pp.1-11, 2015. DOI: 10.5815/ijitcs.2015.01.01
