Representing and Configuring Security Variability in Software Product Lines

被引：4

作者：

Myllarniemi, Varvana ^{[1
]}

Raatikainen, Mikko ^{[1
]}

Mannisto, Tomi ^{[2
]}

机构：

[1] Aalto Univ, Espoo, Finland

[2] Univ Helsinki, FIN-00014 Helsinki, Finland

来源：

QOSA'15 PROCEEDINGS OF THE 11TH INTERNATIONAL ACM SIGSOFT CONFERENCE ON QUALITY OF SOFTWARE ARCHITECTURES | 2015年

关键词：

Security; Variability; Software product line; Software architecture; REQUIREMENTS;

D O I：

10.1145/2737182.2737183

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

In a software product line, security may need to be varied. Consequently, security variability must be managed both from the customer and product line architecture point of view. We utilize design science to build an artifact and a generalized design theory for representing and configuring security and functional variability from the requirements to the architecture in a configurable software product line. An open source web shop product line, Magento, is used as a case example to instantiate and evaluate the contribution. The results indicate that security variability can be represented and distinguished as countermeasures; and that a configurator tool is able to find consistent products as stable models of answer set programs.

引用

页码：1 / 10

页数：10

共 41 条

[1] Misuse cases: Use cases with hostile intent
Alexander, I
[J]. IEEE SOFTWARE, 2003, 20 (01) : 58 - +
[2] [Anonymous], 2000, Design & Use of Software Architectures-Adopting and Evolving a Product Line Approach
[3] [Anonymous], 2007, 4949 IETF RFC
[4] [Anonymous], 2005, INT WORKSH HIGH ASS
[5] [Anonymous], 2004, MIS Q
[6] Asikainen T., 2007, ADV ENG INFORM J, V21
[7] Bartholdt J., 2009, ICSEA
[8] Model Driven Security: From UML models to access control infrastructures
Basin, D
Doser, J
Lodderstedt, T
[J]. ACM TRANSACTIONS ON SOFTWARE ENGINEERING AND METHODOLOGY, 2006, 15 (01) : 39 - 91
[9] Bass Len, 2003, Software Architecture in Practice
[10] Bosch J., 2002, SPLC

← 1 2 3 4 5 →