CSC-532 Advanced Topics in Software Engineering

TERM PAPER

SECURITY AS A NON-FUNCTIONAL REQUIREMENT IN SOFTWARE ENGINEERING

SUBMITTED BY: PUNIT S. VORA
LOUISIANA TECH UNIVERSITY
26th October, 2004

ABSTRACT:

Although Non-Functional Requirements (NFRs) have been present in almost all software development methods, they have been treated as a second-class type of requirement, often hidden inside notes and therefore frequently neglected or forgotten. Non-functional requirements are among the most expensive and difficult to deal with, but there are still few works that focus on modeling and formalizing NFRs so as to give a framework for including them in system design. Dealing only with functional requirements is no longer enough to build software that can reflect all the complexity that software systems may have nowadays. Security is among the most critical NFRs and translates into a lot of money and concern for corporations worldwide. This paper first explains some work that has been carried out on NFRs, then studies security monitoring tools available for Cluster Computing and analyzes them from the Software Engineering point of view.

KEYWORDS: Non-Functional Requirements, NFRs, security, NVisionIP, NVisionCC

INTRODUCTION:

Software engineering's goal will always be to produce quality software that is delivered on time, within budget and, above all, satisfies the customer's needs. The software market increasingly demands software that not only implements all the desired functionality but also satisfies the non-functional needs, which leads to more complete software capable of handling most of the non-functional requirements associated with the product and also results in lower maintenance costs.
Non-Functional Requirements (sometimes also referred to as software qualities) indicate how the system behaves with respect to and includes requirements dealing with system performance, operation, required resources and costs, verification, documentation, security, portability and reliability. Thus, satisfying NFRs is critical to building good software systems and shortens time to market, since errors caused by not dealing properly with NFRs, which are usually complex and time-consuming to fix, can be avoided. However, software engineers need to know whether the performance overheads of the algorithms that deal with the various NFRs will violate the basic performance requirement or conflict among themselves.

Current work on NFRs can be characterized as either process-oriented or product-oriented. Process-oriented techniques aim to integrate non-functional requirements into the design process, while product-oriented techniques focus on evaluating the end product to determine whether it satisfies the NFRs. NFRs themselves may be characterized as quantitative (e.g. system performance, operation, etc.) or qualitative (e.g. look and feel). Another way of segregating and dealing with NFRs is to demarcate them as either consumer NFRs (such as efficiency and correctness) or technical NFRs (scope or completeness) [2]. Sometimes, specific domain information is used to quantify non-functional requirements.

PROPOSED APPROACHES FOR NFR CAPTURE AND MODELLING:

1) Goal Graph Method: Includes non-functional requirement goals (security, performance, etc.), satisficing goals (categories of design decisions that may be adopted in order to satisfy one or more NFRs) and argumentation goals (formal or informal claims that provide support or counter-evidence for a goal or goal refinement). [6]
2) Performance Cases: Modeled like use cases (each contains identifying information, a description of action steps and links to other related information).
[2]
3) Abuse cases: A family of complete transactions between one or more actors and the system that result in harm to the system or the process. An abuse case also includes a description of the range of security privileges that may be abused.
4) UMLsec: An extension to UML that specifically incorporates the security part of the NFRs. The extension is given in the form of a UML profile using the standard UML extension mechanisms.

CLUSTER SECURITY AS AN NFR:

Security is among the most critical non-functional requirements in today's data-driven world. Security breach incidents reported to the Computer Emergency Readiness Team Coordination Center (CERT/CC) rose 2,099 percent from 1998 through 2002, an average annual compounded rate of 116 percent [8]. Such vulnerabilities can impact critical infrastructure as well as commerce. This points strongly toward developing a tool that deals with security as an independent entity.

Some basic principles for secure software development [8] can be stated as:

1) Access decisions should be based on permission rather than exclusion.
2) Every program and every user of the system should operate using the least set of privileges necessary to complete the job.
3) The design should be as simple and small as possible.
4) Every access to every object must be checked for authority.

Problem with current security monitoring tools:

Networks today commonly have more than a hundred nodes. The amount of data from access logs and Intrusion Detection Systems that monitor these networks can easily overwhelm a security engineer, who cannot keep track of the behavior of the network when faced with overabundant data. A better approach to detecting and stopping attacks on networks is to present the network data in a more visual manner that makes use of the inherent visual recognition and reasoning capabilities of humans.
The following section of this paper describes tools developed by NCSA (National Center for Supercomputing Applications) called NVisionIP and NVisionCC, which help in visualizing the security status of a network and of a cluster of computers, respectively. Each of these tools follows the Visual Information Seeking principle ("Overview first, zoom and filter, then details on-demand") [8] to present the security state of the system as a whole.

NVisionCC (A Cluster Security Monitoring Tool):

Motivation:

The primary motivation for building this software was that although there are many tools for monitoring the security of enterprise networks and a few tools for monitoring the performance of a cluster, there are no tools specifically designed as security monitors for a cluster. Cluster security is different from network security and requires the evaluation of the state of a cluster as a whole, i.e. viewing a cluster as a single cohesive unit instead of a massive collection of individual machines [8]. While some cluster monitoring tools have GUIs that allow the raw data of a particular host to be examined, little security information can be gathered from these visualizations.

The concept of Situational Awareness is the governing idea behind this software. Inherent data visualization capabilities are used as a stepping stone to present information in a way that is easily comprehensible. The tool also allows near real-time data monitoring and thus helps in making quick decisions. It has also been designed with the requirement that security monitoring should not conflict with the high-performance computing for which clusters are originally designed.

The Software:

NVisionCC (CC = Cluster Computing) captures and synthesizes data from heterogeneous sources and presents the information in an easily comprehensible visual interface.
On a single screen, NVisionCC provides an overview of the cluster and generates alerts that pinpoint specific nodes where the data indicates a potential problem. NVisionCC is implemented as an interface plug-in extension of Clumon, a cluster performance monitoring tool developed at NCSA that is widely used on clusters worldwide. Building on Clumon allows NVisionCC to rely on the data collection and logging facilities that Clumon provides [6], so that the focus can be on better analysis and display of security information.

NVisionCC currently includes [8]:

1. a Process Monitor Module that tracks the processes running on each node,
2. a Port Scanner Module that scans each node for open network ports,
3. a File Integrity Module that validates the identity of disk files, particularly those files that hackers frequently try to alter for their own ends.

Future versions will include a traffic analyzer, which will compare network traffic with the cluster communication pattern and correlate the network traffic with the job scheduler, and a log analyzer, which will analyze the cluster's system logs.

The basic visualization design elements that are incorporated are [8]:

• All the nodes of the cluster are shown on one screen, adjacent in space.
• An overview of the entire cluster, with drill-down to areas of interest and raw data details on demand at the individual node level.
• Different icons show different levels of process security status: critical, bad, suspicious, and normal.
• The NVisionCC Process Alert View provides decision-making assistance by consolidating alerts from all cluster nodes into a prioritized list.
• A Host Level View is available by clicking on a host icon in the NVisionCC Main View.

Advantages of NVisionCC:

1) Tailored specifically for cluster security.
2) Is near real-time, so security status can be continuously monitored.
3) Allows easy visualization, with 'deeper' views for a selected host/node in the cluster.
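
The overview, prioritized alert list and host-level drill-down described above can be sketched as follows. This is an added example, not NVisionCC's code: the finding tuple format, the module labels, the severity given to each finding and the node names are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Status levels named in the text, ordered from least to most severe.
LEVELS = ["normal", "suspicious", "bad", "critical"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Constructed sample findings: (node, module, level, detail).
# Modules stand for the process monitor, port scanner and file integrity checks.
SAMPLE_FINDINGS = [
    ("node017", "process", "suspicious", "unexpected interactive shell"),
    ("node003", "port", "bad", "listener on a port outside the approved set"),
    ("node017", "file", "critical", "hash mismatch on a system binary"),
    ("node042", "process", "normal", "only scheduler jobs running"),
    ("node003", "process", "suspicious", "process owned by unknown uid"),
]

def node_status(findings):
    """Overview first: each node shows the worst level any module reported."""
    status = defaultdict(lambda: "normal")
    for node, _module, level, _detail in findings:
        if level not in RANK:
            raise ValueError(f"unknown level: {level!r}")
        if RANK[level] > RANK[status[node]]:
            status[node] = level
    return dict(status)

def alert_list(findings):
    """Zoom and filter: drop 'normal', list the rest worst-first, then by node."""
    alerts = [f for f in findings if RANK[f[2]] > RANK["normal"]]
    return sorted(alerts, key=lambda f: (-RANK[f[2]], f[0], f[1]))

def node_details(findings, node):
    """Details on demand: every raw finding recorded for one node."""
    return [f for f in findings if f[0] == node]

if __name__ == "__main__":
    print(node_status(SAMPLE_FINDINGS))
    for alert in alert_list(SAMPLE_FINDINGS):
        print(alert)
    print(node_details(SAMPLE_FINDINGS, "node017"))
```
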

CONCLUSION:

Dealing only with functional requirements is no longer enough to build software that can reflect all the complexity that software may have nowadays. It is essential to develop methods that allow non-functional requirements to be treated in tandem with functional requirements. Cluster security is a critical non-functional requirement that has to be addressed differently from network security. NVisionCC (although still in the testing phase) is designed effectively, keeps its focus on cluster security as an independent topic of concern and leverages the Situational Awareness of the human mind to simplify the representation of cluster data and thus the monitoring of a cluster's security.

REFERENCES:

[1] Ivar Jacobson, Grady Booch and James Rumbaugh, The Unified Software Development Process, Addison-Wesley, 1999
[2] Martin L. Barrett, Putting Non-Functional Requirements to Good Use
[3] Luiz Marcio Cysneiros, Using UML to Reflect Non-Functional Requirements
[4] http://www.ncassr.org/projects/sift/
[5] http://www.ncassr.org/projects/cluster-sec/
[6] Raquel Hill, Jun Wang, Klara Nahrstedt, Towards a Framework for Quantifying Non-Functional Requirements
[7] Processes for Producing Secure Software; Summary of US National Cybersecurity Summit Subgroup Report
[8] William Yurcik, Gregory A. Koenig, Xin Meng, Joseph Greenseid, Cluster Security as a Unique Problem with Emergent Properties: Issues and Techniques