A Tool for Managing Evolving Security Requirements

TitleA Tool for Managing Evolving Security Requirements
Publication TypeBook Chapter
Year of Publication2012
AuthorsBergmann, G., Massacci, F., Paci, F., Tun, T T., Varró, D., and Yu, Y.
EditorNurcan, S., Aalst, W., Mylopoulos, J., Rosemann, M., Shaw, M. J., and Szyperski, C.
Book TitleIS Olympics: Information Systems in a Diverse World
Series TitleLecture Notes in Business Information Processing
PublisherSpringer Berlin Heidelberg
ISBN Number978-3-642-29749-6

Management of requirements evolution is a challenging process. Requirements change continuously making the traceability of requirements difficult and the monitoring of requirements unreliable. Moreover, changing requirements might have an impact on the security properties a system design should satisfy: certain security properties that are satisfied before evolution might no longer be valid or new security properties need to be satisfied after changes have been introduced. This paper presents SeCMER, a tool for requirements evolution management developed in the context of the SecureChange project. The tool supports automatic detection of requirement changes and violation of security properties using change-driven transformations. The tool also supports argumentation analysis to check security properties are preserved by evolution and to identify new security properties that should be taken into account.