analüüsimine tarkvara arendamisel
Liina Kamm, Tartu Ülikool 2005
The Analysis of Security Requirements During Software Development
In this Bachelor thesis the integration of security analysis into the software development process is described. With the expansion of the Internet and the extensive growth of distributed systems, the security of software is becoming a more important issue.
The majority of today's software development process models view security aspects as non-functional requirements but most of the emphasis in analysis and design is put on functional requirements. The implementation of security can entail new functionality and requirements, the integration of which into existing architecture can be rather difficult. It is possible that, as a result, the system is vulnerable, because the security layer cannot simply be applied to the system but has to be integrated into the architecture.
In the first part of the thesis a method for the systematic development of secure systems is described. The proposed solution can be used together with existing software development methods. Security is integrated into different artefacts of the development process. The security analysis microprocess is carried out during every iteration. For each artefact a short description of the specification of security requirements is given.
In the second part of the thesis a questionnaire for identifying security requirements in the analysis stage is given. The questionnaire can be used by the developer as a framework for finding the security aspects that are relevant and important to the system. The questions have been distributed into logical groups. The explanations of the questions along with the examples that are included in the thesis help the developer identify the security requirements of the system. This questionnaire can be used for both the iterative and the waterfall process.
The advantage of using this questionnaire is that it helps integrate security analysis into the software requirements analysis process.