Requirements Refinement and Exploration of Architecture for Security and Other NFRs
Takao Okubo, Nobukazu Yoshioka, and Haruhiko Kaiya.
In Advanced Information Systems Engineering Workshops, Vol. 178
of Lecture Notes in Business Information Processing (LNBIP),
Thessaloniki, Greece, 2014. Springer.
ISBN 978-3-319-07868-7, June 16-20 2014.
Earlier software architecture design is essential particularly
when it comes to security concerns, since security risks, requirements
and architectures are all closely interrelated and interacting. We have
proposed the security driven twin peaks method with a mutual refinement
of the requirements, and architectures. However, there are multiple
alternatives to an architecture design for initial requirements, and their
choices depend on non-functional requirements (NFRs), such as security,
performance, and costs which have a big impact on the quality of
the software. We propose a new method called TPM-SA2 to avoid any
back-track in refinement. Each architectural alternative in TPM-SA2 is
refined so that it aligns with the requirements. For each refinement, the
requirements can be updated vice versa. TPM-SA2 enables us to predict
the impacts on the NFRs by each candidate for the architecture,
and choose the most appropriate one with respect to the impact. As a
result, we can define the requirements and architectures, and estimated
the development costs earlier than ever.