Secure Software Development through Non-Functional Requirements Modeling

In the development of a new software solution, users and developers spend the majority of their effort on modeling the functional requirements. The Non-Functional Requirements (NFR) are treated as a second class requirement, ignored until the end of the development cycle. They are often hidden, overshadowed and therefore, frequently neglected or forgotten. They are neglected because NFRs are often difficult to model, develop and test. NFRs become even more important in secure software design. Secure software design requires modeling of the confidentiality and integrity of data passed through the software system, along with the availability requirements of the software system. More research is needed on both the modeling of these requirements along with the mapping of the NFR models into executable software code. To develop robust software that is more resilient to cybersecurity attacks requires NFR modeling to become an integral part of the software development process. In this paper, we focus on the modeling of NFRs and the transformations from UML models into the source code.