How to Incorporate Security Requirements into the ArchWiz Tool

Uppsäll, Caroline

January 2009

<p>This thesis have two tasks: one is to help in the development of the ArchWiztool at ABB and the other is to find a way of how to formalise security related architecturalresponsibilities in a general way so that they can be incorporated in the tool. This thesis report focuses on thesoftware quality attribute security.The ArchWiz tool is developed at ABB Corporate Research in Västerås. The scopeof the tool is to serve as a software architecture guidance and knowledge tool for all softwarearchitecture professionals within ABB. The ArchWiz tool is a way of helping the architects of ABB to matchtheir product requirements with a list of general reusable requirements. The matched productrequirements can then use the reusable requirement's architectural solutions, which are also presentedin the tool. The tool focuses on usability, security and safety in this first version but it isconstructed so that the user can add their own general requirements regarding any quality.The architecture design phase in the development of a software system is a keypart in the development process, it gives the first design decisions and gives informationon if the system will have potential to meet its key requirements. Security is a software quality thathas grown in importance for the architectural design of the system. There exist a number of potentialthreats and attacks that might breach the security of the software and these threats needs to beprotected against. The ArchWiz project closed in December 2009 and at that time the tool was notfinished. A good foundation and a GUI framework for further implementations were developed but toget a fully functioning tool more implementations need to be made. Security is one of thequality attributes, which the ArchWiz is supposed to support. Suggestions on how to formalise securityresponsibilities in the tool have in this thesis been created and analysed. However, the suggestionsneed to be in incorporated in the tool and tested through users tests with the ABB architects.With the user tests as basis, the best suggestion can be selected.</p> / Architectural Wizard project

Security

Software architecture

ArchWiz

ABB

Computer science

Datavetenskap

How to Incorporate Security Requirements into the ArchWiz Tool

Uppsäll, Caroline

January 2009

This thesis have two tasks: one is to help in the development of the ArchWiztool at ABB and the other is to find a way of how to formalise security related architecturalresponsibilities in a general way so that they can be incorporated in the tool. This thesis report focuses on thesoftware quality attribute security.The ArchWiz tool is developed at ABB Corporate Research in Västerås. The scopeof the tool is to serve as a software architecture guidance and knowledge tool for all softwarearchitecture professionals within ABB. The ArchWiz tool is a way of helping the architects of ABB to matchtheir product requirements with a list of general reusable requirements. The matched productrequirements can then use the reusable requirement's architectural solutions, which are also presentedin the tool. The tool focuses on usability, security and safety in this first version but it isconstructed so that the user can add their own general requirements regarding any quality.The architecture design phase in the development of a software system is a keypart in the development process, it gives the first design decisions and gives informationon if the system will have potential to meet its key requirements. Security is a software quality thathas grown in importance for the architectural design of the system. There exist a number of potentialthreats and attacks that might breach the security of the software and these threats needs to beprotected against. The ArchWiz project closed in December 2009 and at that time the tool was notfinished. A good foundation and a GUI framework for further implementations were developed but toget a fully functioning tool more implementations need to be made. Security is one of thequality attributes, which the ArchWiz is supposed to support. Suggestions on how to formalise securityresponsibilities in the tool have in this thesis been created and analysed. However, the suggestionsneed to be in incorporated in the tool and tested through users tests with the ABB architects.With the user tests as basis, the best suggestion can be selected. / Architectural Wizard project

Security

Software architecture

ArchWiz

ABB

Computer Sciences

Datavetenskap (datalogi)