Security Requirements as Code: Example from VeriDevOps Project

Khaled Ismaeel; Alexandr Naumchev; Andrey Sadovykh; Dragos Truscan; Eduard Paul Enoiu; Cristina Seceleanu

doi:10.1109/REW53955.2021.00063

Security Requirements as Code: Example from VeriDevOps Project

Khaled Ismaeel, Alexandr Naumchev, Andrey Sadovykh, Dragos Truscan, Eduard Paul Enoiu, Cristina Seceleanu

Forskningsoutput: Kapitel i bok/konferenshandling › Konferensbidrag › Vetenskaplig › Peer review

2 Citeringar (Scopus)

69 Nedladdningar (Pure)

Sammanfattning

This position paper presents and illustrates the concept of security requirements as code - a novel approach to security requirements specification. The aspiration to minimize code duplication and maximize its reuse has always been driving the evolution of software development approaches. Object-Oriented programming (OOP) takes these approaches to the state in which the resulting code conceptually maps to the problem that the code is supposed to solve. People nowadays start learning to program in the primary school. On the other hand, requirements engineers still heavily rely on natural language based techniques to specify requirements. The key idea of this paper is: artifacts produced by the requirements process should be treated as input to the regular object-oriented analysis. Therefore, the contribution of this paper is the presentation of the major concepts for the security requirements as the code method that is illustrated with a real industry example from the VeriDevOps project.

Originalspråk	Engelska
Titel på värdpublikation	Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021
Redaktörer	Tao Yue, Mehdi Mirakhorli
Förlag	IEEE
Sidor	357-363
Antal sidor	7
ISBN (elektroniskt)	978-1-6654-1898-0
ISBN (tryckt)	978-1-6654-1899-7
DOI	https://doi.org/10.1109/REW53955.2021.00063
Status	Publicerad - 2021
MoE-publikationstyp	A4 Artikel i en konferenspublikation
Evenemang	IEEE International Requirements Engineering Conference Workshops - Varaktighet: 20 sep. 2021 → 24 sep. 2021

Konferens

Konferens	IEEE International Requirements Engineering Conference Workshops
Förkortad titel	REW
Period	20/09/21 → 24/09/21

Åtkomst av dokument

10.1109/REW53955.2021.00063

REW2021-SecRecAsCode-cameraReadyAccepterat manuskript från författare, 128 KBLicens: Publisher rights policy

https://urn.fi/URN:NBN:fi-fe202201148549

Andra filer och länkar

Länk till publikationen i Scopus

VeriDevOps: Automated Protection and Prevention to Meet Security Requirements in DevOps Environments
Truscan, D., Porres Paltor, I., Ashraf, A., Ahmad, T., Chariyarupadannayil Sudheerbabu, G. & Chapagain, S.
EU Horizon 2020
01/10/20 → 31/01/24
Projekt: EU

Citera det här

@inproceedings{486143f19c98431cb67fac23fd132c33,

title = "Security Requirements as Code: Example from VeriDevOps Project",

abstract = "This position paper presents and illustrates the concept of security requirements as code - a novel approach to security requirements specification. The aspiration to minimize code duplication and maximize its reuse has always been driving the evolution of software development approaches. Object-Oriented programming (OOP) takes these approaches to the state in which the resulting code conceptually maps to the problem that the code is supposed to solve. People nowadays start learning to program in the primary school. On the other hand, requirements engineers still heavily rely on natural language based techniques to specify requirements. The key idea of this paper is: artifacts produced by the requirements process should be treated as input to the regular object-oriented analysis. Therefore, the contribution of this paper is the presentation of the major concepts for the security requirements as the code method that is illustrated with a real industry example from the VeriDevOps project. ",

keywords = "development, requirements as code, seamless, security, software",

author = "Khaled Ismaeel and Alexandr Naumchev and Andrey Sadovykh and Dragos Truscan and Enoiu, {Eduard Paul} and Cristina Seceleanu",

note = "Funding Information: This project is supported by end-user companies including Fagor Arrasate (FAGOR). FAGOR produces smart industry equipment that needs to be secured. One of the challenges is that the infrastructure is controlled by Industry PCs (IPCs) to be configured according to the standard guidelines (STIGs). The application of the security policies has to be periodically verified. Thus the guidelines in natural language have to be mapped to specific scripts for configuration and verification. Funding Information: ACKNOWLEDGMENT This work has received funding from Horizon 2020 programme under grant agreement No. 957212 - VeriDevOps project. Publisher Copyright: {\textcopyright} 2021 IEEE.; IEEE International Requirements Engineering Conference Workshops, REW ; Conference date: 20-09-2021 Through 24-09-2021",

year = "2021",

doi = "10.1109/REW53955.2021.00063",

language = "English",

isbn = "978-1-6654-1899-7",

pages = "357--363",

editor = "Tao Yue and Mehdi Mirakhorli",

booktitle = "Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021",

publisher = "IEEE",

address = "United States",

}

Ismaeel, K, Naumchev, A, Sadovykh, A, Truscan, D, Enoiu, EP & Seceleanu, C 2021, Security Requirements as Code: Example from VeriDevOps Project. i T Yue & M Mirakhorli (red), Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021. IEEE, s. 357-363, IEEE International Requirements Engineering Conference Workshops, 20/09/21. https://doi.org/10.1109/REW53955.2021.00063

Security Requirements as Code: Example from VeriDevOps Project. / Ismaeel, Khaled; Naumchev, Alexandr; Sadovykh, Andrey et al.
Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021. red. / Tao Yue; Mehdi Mirakhorli. IEEE, 2021. s. 357-363.

Forskningsoutput: Kapitel i bok/konferenshandling › Konferensbidrag › Vetenskaplig › Peer review

TY - GEN

T1 - Security Requirements as Code

T2 - IEEE International Requirements Engineering Conference Workshops

AU - Ismaeel, Khaled

AU - Naumchev, Alexandr

AU - Sadovykh, Andrey

AU - Truscan, Dragos

AU - Enoiu, Eduard Paul

AU - Seceleanu, Cristina

N1 - Funding Information: This project is supported by end-user companies including Fagor Arrasate (FAGOR). FAGOR produces smart industry equipment that needs to be secured. One of the challenges is that the infrastructure is controlled by Industry PCs (IPCs) to be configured according to the standard guidelines (STIGs). The application of the security policies has to be periodically verified. Thus the guidelines in natural language have to be mapped to specific scripts for configuration and verification. Funding Information: ACKNOWLEDGMENT This work has received funding from Horizon 2020 programme under grant agreement No. 957212 - VeriDevOps project. Publisher Copyright: © 2021 IEEE.

PY - 2021

Y1 - 2021

N2 - This position paper presents and illustrates the concept of security requirements as code - a novel approach to security requirements specification. The aspiration to minimize code duplication and maximize its reuse has always been driving the evolution of software development approaches. Object-Oriented programming (OOP) takes these approaches to the state in which the resulting code conceptually maps to the problem that the code is supposed to solve. People nowadays start learning to program in the primary school. On the other hand, requirements engineers still heavily rely on natural language based techniques to specify requirements. The key idea of this paper is: artifacts produced by the requirements process should be treated as input to the regular object-oriented analysis. Therefore, the contribution of this paper is the presentation of the major concepts for the security requirements as the code method that is illustrated with a real industry example from the VeriDevOps project.

AB - This position paper presents and illustrates the concept of security requirements as code - a novel approach to security requirements specification. The aspiration to minimize code duplication and maximize its reuse has always been driving the evolution of software development approaches. Object-Oriented programming (OOP) takes these approaches to the state in which the resulting code conceptually maps to the problem that the code is supposed to solve. People nowadays start learning to program in the primary school. On the other hand, requirements engineers still heavily rely on natural language based techniques to specify requirements. The key idea of this paper is: artifacts produced by the requirements process should be treated as input to the regular object-oriented analysis. Therefore, the contribution of this paper is the presentation of the major concepts for the security requirements as the code method that is illustrated with a real industry example from the VeriDevOps project.

KW - development

KW - requirements as code

KW - seamless

KW - security

KW - software

UR - http://www.scopus.com/inward/record.url?scp=85118455050&partnerID=8YFLogxK

U2 - 10.1109/REW53955.2021.00063

DO - 10.1109/REW53955.2021.00063

M3 - Conference contribution

AN - SCOPUS:85118455050

SN - 978-1-6654-1899-7

SP - 357

EP - 363

BT - Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021

A2 - Yue, Tao

A2 - Mirakhorli, Mehdi

PB - IEEE

Y2 - 20 September 2021 through 24 September 2021

ER -

Security Requirements as Code: Example from VeriDevOps Project

Sammanfattning

Konferens

Åtkomst av dokument

Andra filer och länkar

Fingeravtryck

Projekt

VeriDevOps: Automated Protection and Prevention to Meet Security Requirements in DevOps Environments

Citera det här