A Tool for Managing Evolving Security Requirements

TitleA Tool for Managing Evolving Security Requirements
Publication TypeConference Paper
Year of Publication2011
AuthorsBergmann, G., Massacci, F., Paci, F., Tun, T., Varró, D., and Yu, Y.
EditorNurcan, S.
Conference NameCAiSE'11 Forum at the 23rd International Conference on Advanced Information Systems Engineering
Date Published06/2011
Conference LocationLondon, UK
Keywordschange impact analysis, secure i*, security argumentation, security patterns, security requirements engineering

Requirements evolution management is a daunting process. Requirements change continuously making the traceability of requirements hard and the monitoring of requirements unreliable. Moreover, changing requirements might have an impact on the security properties a system design should satisfy: certain security properties that are satised before evolution might no longer be valid or new security properties need to be satised. This paper presents SeCMER, a tool for requirements evolution management developed in the context of the SecureChange project. The tool supports automatic detection of requirement changes and violation of security properties using change-driven transformations. The tool also supports argumentation analysis to check security properties are preserved by evolution and to identify new security properties that should be taken into account.