A Security Requirements Engineering Tool for Domain Engineering in Software Product Lines

The concepts of Service-Oriented Architectures and Software Product Lines are currently being paid a considerable amount of attention, both in research and in practice. Both disciplines promise to make the development of flexible, cost-effective software systems possible and to support high levels of reuse, and may sometimes be complementary to each other. In both paradigms, security is a critical issue, although most of the existing product line practices do not comprise all the security requirements engineering activities or provide automated support through which to perform these activities, despite the fact that it is widely accepted that the application of any requirements engineering process or methodology is much more difficult without a CARE (Computer-Aided Requirements Engineering) tool, since it must be performed manually. Therefore, this chapter shall present a tool denominated as SREPPLineTool, which provides automated support through which to facilitate the application of the security quality requirements engineering process for software product lines, SREPPLine. SREPPLineTool simplifies the management of security requirements in product lines by providing us with a guided, systematic and intuitive manner in which to deal with them from the early stages of product line development, thus simplifying the management and the visualization of artefact variability and traceability links and the integration of security standards, along with the management of the security reference model proposed by SREPPLine.

Functional and QoS Semantics-Driven SOA-Based Biomedical Multimedia Processing

Although there have existed a wide range of techniques of biomedical multimedia processing, none of them could be generally satisfied by various domains. The main reason for such deficiency is due to the correlative nature between biomedical multimedia data and the techniques applied to them. This book chapter introduces an SOA-based biomedical multimedia infrastructure with a pre-processing component. Such an infrastructure adapts the concepts of requirements elicitation of Software Engineering as well as a training set of Machine Learning to analyze functional and QoS properties of biomedical multimedia data in advance. Such properties will be constructed as ontology and used for selecting the most appropriate services to perform data analysis, transmission, or retrieval. Two medical education projects are introduced as case studies to illustrate the usage of functional and QoS semantics extracted from a feature extraction service to improve the performance of subsequent classification service and searching service, respectively.

Addressing Non-Functional Properties of Services in IT Service Management

A key point that remains to be addressed is the assurance of service levels for end-user applications that rely on these provider models. This chapter describes an approach for addressing non-functional properties (NFPs) of services in service-oriented architectures (SOA). The approach is based on reference models such as the IT Infrastructure Library (ITIL) and the SOA life cycle model. It has been applied in several industrial settings in the telecommunications sector.

Model-Driven Approach for End-to-End SOA Security Configurations

The configuration of non-functional requirements, such as security, has become important for SOA applications, but the configuration process has not been discussed comprehensively. In current development processes, the security requirements are not considered in upstream phases and a developer at a downstream phase is responsible for writing the security configuration. However, configuring security requirements properly is quite difficult for developers because the SOA security is cross-domain and all required information is not available in the downstream phase. To resolve this problem, this chapter clarifies how to configure security in the SOA application development process and defines the developer’s roles in each phase. Additionally, it proposes a supporting technology to generate security configurations: Model-Driven Security. The authors propose a methodology for end-to-end security configuration for SOA applications and tools for generating detailed security configurations from the requirements specified in upstream phases model transformations, making it possible to configure security properly without increasing developers’ workloads.

Model-Driven Development of Non-Functional Properties in Web Services

For the last few years, model-driven architecture, aspect-oriented software development and Web service engineering have become widely accepted alternatives for tackling the design and building of complex distributed applications; however, each of them addresses the principle of separation of concerns from their own perspective. When combined appropriately, both model-driven and aspect-oriented software development complement each other to develop high-quality Web service-based systems, maintaining non-functional properties separate from models to code. This chapter provides a methodology that integrates non-functional properties into Web service model-driven development, increasing the systems’ modularity and thus reducing implementation and maintenance costs.

Relational Service Quality Modeling

The paper argues that using non-first-normal-form (NF2) tables for requirements modeling is a suitable approach for communicating application system issues to stakeholders who have a business background. In particular, such tables are used in an intermediate predesign step residing between requirements elicitation and conceptual design for modeling functional and quality requirements of services and business processes. This approach extends to quality requirements of business processes used for service orchestration.

Model-Driven Engineering of Non-Functional Properties for Pervasive Service Creation

Pervasive services are highly customizable and personalized services that must have the capability to run anytime, anywhere, and on any device with minimal user attention. The creation of these dynamic services using application level approaches becomes a daunting task for the software engineering community. This necessitates changes to the way services are designed and implemented, in order to simplify and increase the agility of the service creation process. In this chapter, a model-driven development process and an environment that facilitates pervasive service creation using an abstract platform independent approach are described. Using this approach, a context modelling language is defined in the form of a metamodel and a context modelling framework is generated. The framework facilitates the definition of platform independent context models that describe the non-functional requirements of pervasive services. Subsequently, context models are mapped and transformed via the use of the generic environment’s capabilities to implementation specific service code. Finally, a pervasive museum case study is presented to demonstrate the effectiveness of the approach for the definition of a context model and the generation of the service implementation.

Developing Non-Functional Requirements for a Service-Oriented Application Platform

The challenges in developing non-functional requirements (NFRs) for an application platform go much beyond those for a single application system. To derive platform NFRs from NFR specifications of different domain applications, requirements analysts must deal with much variation of domain specific NFRs, with different deployment configurations and load conditions, with different NFR related trade-offs, as well as with different terminology and metric definitions. This chapter presents a platform NFR development method that supports dealing with the aforementioned challenges. The presented method offers a goal- and scenario-oriented modeling and analysis technique that supports dealing with qualitative and quantitative NFRs during platform NFR development in an integrated way. The platform NFR development method was used to develop NFRs of a service-oriented application platform for three different application domains in an industrial setting.

Tracing the Implementation of Non-Functional Requirements

A software architecture has to enable the non-functional properties, such as flexibility, scalability, or security, because they constitute the decisive factors for its design. Unfortunately, the methodical support for the implementation of non-functional requirements into software architectures is still weak; solutions are not generally established. Recently, there are only few approaches that actually deal with non-functional requirements during design; even fewer take advantage of traceability, which supports a mapping of requirements to solutions through the development process. Therefore, in this chapter the new architectural design method TraGoSoMa is presented, which supports these issues. The method uses a so-called Goal Solution Scheme, which guides the design activities, supports conflict resolution, decision-making, and the classification of solutions. For illustration purposes the chapter uses a case study from a reengineering project for a Manufacturing Execution System (MES) that is restructured according to the SOA principles and integrated with an Enterprise Resource Planning (ERP) system.

Control Engineering for Scaling Service Oriented Architectures

Scaling Service Oriented Architectures (SOAs) requires a systematic approach to resource management to achieve service level objectives (SLOs). Recently, there has been increasing use of control engineering techniques to design scalable resource management solutions that achieve SLOs. This chapter proposes a methodology for scaling SOAs based on control engineering. The methodology used here extends approaches used in scaling software products at IBM and Microsoft.