NON-FUNCTIONAL REQUIREMENTS IN SOFTWARE ENGINEERING:

CSC-532 Advanced Topics in Software Engineering
TERM PAPER
SECURITY AS A NON-FUNCTIONAL
REQUIREMENT IN SOFTWARE ENGINEERING
SUBMITTED BY:
PUNIT S. VORA
LOUISIANA TECH UNIVERSITY
26th October, 2004.
SECURITY AS A NON-FUNCTIONAL REQUIREMENT IN SOFTWARE ENGINEERING:
ABSTRACT: Although Non-Functional Requirements (NFR) have been present in
almost all software development methods, they have been presented as second class type
of requirements, often hidden inside notes and therefore, frequently neglected or
forgotten. Non-functional requirements are among the most expensive and difficult to
deal with, but there are still few works that focus on NFR modeling and formalization
which give a framework for including NFRs in system design. Dealing only with
functional requirements is no longer enough to build software that can reflect all the
complexity that software systems may have nowadays. Security is amongst the most
critical of NFRs that translates into a lot of money and concern for corporations
worldwide. This paper first explains some work that has been carried out on NFRs and
then studies security monitoring tools available for Cluster Computing and analyzes
them from the Software Engineering point of view.
KEYWORDS: Non-Functional Requirements, NFRs, security, NVisionIP, NVisionCC
INTRODUCTION:
Software engineering’s goal will always be to produce quality software which is
delivered on time, within budget and satisfying customer’s need above all. The software
market is increasing its demands for providing software that not only implements all the
desired functionality but also satisfies the non-functional necessities which lead to a more
complete software capable of handling most of the non-functional requirements
associated with the product and which also results in lower maintenance costs.
Non-Functional Requirements (sometimes also referred to as software qualities) indicate how
the system behaves and include requirements dealing with system
performance, operation, required resources and costs, verification, documentation,
security, portability and reliability. Thus, satisfying NFRs is critical to building good
software systems and expedites the time-to-the-market process, since errors due to not
properly dealing with NFR, which are usually time consuming and complex, can be
avoided. However, software engineers need to know whether the performance overheads
of the algorithms that deal with the various NFRs will violate the basic performance
requirement or conflict among themselves.
The current development on NFRs can be characterized as either process oriented or
product oriented. Process oriented techniques aim to integrate non-functional
requirements into the design process while product oriented techniques focus
on evaluating the end product to determine whether it satisfies the NFRs. NFRs
themselves may be characterized as quantitative (e.g. system performance, operation, etc.)
or qualitative (e.g. look and feel). Another way of segregating and dealing with NFRs is
to demarcate them as either consumer [2] NFRs (such as efficiency and correctness) or
technical NFRs (scope or completeness). Sometimes, specific domain information is used
to quantify non-functional requirements.
PROPOSED APPROACHES FOR NFR CAPTURE AND MODELLING:
1) Goal Graph Method: Includes non-functional requirement goals (security,
performance etc.), satisficing goals (category of design decisions that may be adopted in
order to satisfy one or more NFRs) and argumentation goals (formal or informal claims
that provide support or counter evidence for a goal or goal refinement). [6]
2) Performance Cases: These are modeled like use cases (they contain identifying
information, a description of action steps and links to other related information). [2]
3) Abuse cases: A family of complete transactions between one or more actors and
the system that result in harm to the system or the process. It also includes a description of
the range of security privileges that may be abused.
4) UMLsec: An extension to UML to specifically incorporate the security part of the
NFRs. The extension is given in form of a UML profile using the standard UML
extension mechanisms.
CLUSTER SECURITY AS AN NFR:
Security is amongst the most critical non-functional requirements in today’s data-driven
world. Security breach incidents reported to the Computer Emergency Readiness Team
Coordination Center (CERT/CC) rose 2,099 percent from 1998 through 2002—an
average annual compounded rate of 116 percent [8]. Such vulnerabilities can impact
critical infrastructure as well as commerce. This strongly points to the direction of
developing a tool that deals with security as an independent entity. Some basic principles
for secure software development [8] can be stated as:
1) Access decisions should be based on permission rather than exclusion.
2) Every program and every user of the system should operate using the least set of
privileges necessary to complete the job.
3) The design should be as simple and small as possible.
4) Every access to every object must be checked for authority.
Problem with current security monitoring tools:
Networks today commonly have more than a hundred nodes. The amount of data from
Access Logs and Intrusion Detection Systems that monitor these networks can easily
overwhelm a security engineer, who cannot keep track of the behavior of the network
when faced with such an overabundance of data. A better approach to detect and stop
attacks on networks is to present the network data in a more visual manner that makes
use of the inherent visual recognition and reasoning capabilities of humans. The
following section of this paper describes tools developed by NCSA (National Center for
Supercomputing Applications) called NVisionIP and NVisionCC, which help in
visualizing the security status of a network and that of a cluster of computers,
respectively. Each of these tools follows the Visual Information Seeking principle
(“Overview first, zoom and filter, then details on-demand”) [8] to present the security
state of the system as a whole.
NVisionCC (A Cluster Security Monitoring Tool):
Motivation: The primary motivation for building this software was that although there
are many tools for monitoring security of enterprise networks and a few tools for
monitoring the performance of a cluster, there are no tools specifically designed as
security monitors for a cluster. Cluster security is different from network security and
requires the evaluation of the state of a cluster as a whole, i.e. viewing a cluster as single
cohesive unit instead of a massive collection of individual machines [8]. While some
cluster monitoring tools have GUIs which allow the ability to examine raw data of a
particular host, there is little security information that can be gathered from these
visualizations. The concept of Situational Awareness is the governing idea behind this
software. Inherent Data Visualization capabilities are used as a stepping stone to present
information in a way that is easily comprehensible. It also allows near real-time data
monitoring, and thus helps in taking quick decisions. It has also been designed keeping in
mind the fact that security monitoring should not conflict with the high performance
computing for which the clusters are originally designed.
The Software: NVisionCC (CC = Cluster Computing) captures and synthesizes data
from heterogeneous sources and presents the information in an easily comprehensible
visual interface. On a single screen, NVisionCC provides an overview of the cluster and
generates alerts that pinpoint specific nodes where the data indicates a potential problem.
NVisionCC is implemented as an interface plug-in extension of Clumon, a cluster
performance monitoring tool developed at NCSA that is widely used on clusters
worldwide. Using Clumon allows NVisionCC to depend on the data collection and
logging facilities provided by Clumon [6], thus allowing focus on better analysis and
display of security information.
NVisionCC currently includes [8]:
1. a Process Monitor Module that tracks the processes running on each node,
2. a Port Scanner Module that scans each node for open network ports,
3. a File Integrity Module that validates the identity of disk files, particularly those
files that hackers frequently try to alter for their own ends.
Future versions will include a traffic analyzer, which will compare network traffic with
the cluster communication pattern and will correlate the network traffic with the job
scheduler, and a log analyzer, to analyze the cluster's system logs.
The basic visualization design elements that are incorporated are [8]:
• All the nodes of the cluster are shown on one screen adjacent in space
• Overview of entire cluster with drill down to areas of interest and raw data details on
demand at the individual node level.
• Different icons show different levels of process security status: critical, bad, suspicious,
and normal.
• The NVisionCC Process Alert View provides decision-making assistance by
consolidating alerts from all cluster nodes into a prioritized list.
• Host Level View is available by clicking on a host icon from NVisionCC Main View.
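An added illustration of the Process Monitor and Process Alert View ideas described above, written for this text and not taken from NVisionCC or Clumon: each node's process list is rated using cluster-wide context, and the results are consolidated into one prioritized list. The allowlist, the denylist, the rating rules and the sample data are assumptions constructed for the example.

```python
from collections import Counter

# Status levels named in the text, most severe first.
LEVELS = ["critical", "bad", "suspicious", "normal"]

# Assumed policy for this example (not NVisionCC's actual rules).
ALLOWED = {"sshd", "crond", "pbs_mom"}   # processes permitted on compute nodes
DENIED = {"evil_daemon"}                 # constructed known-bad process name

def classify(proc, nodes_running, total_nodes):
    """Rate one process using how widely it runs across the cluster."""
    if proc in DENIED:
        return "critical"
    if proc in ALLOWED:
        return "normal"
    # Not permitted: an outlier on a few nodes rates worse than a process
    # that runs on at least half of the cluster.
    return "bad" if nodes_running * 2 < total_nodes else "suspicious"

def node_status(snapshot):
    """Map each node to (worst level, processes rated at that level)."""
    spread = Counter(p for procs in snapshot.values() for p in set(procs))
    status = {}
    for node, procs in snapshot.items():
        rated = {p: classify(p, spread[p], len(snapshot)) for p in set(procs)}
        worst = min(rated.values(), key=LEVELS.index, default="normal")
        hits = sorted(p for p, lvl in rated.items() if lvl == worst)
        status[node] = (worst, [] if worst == "normal" else hits)
    return status

def alert_view(snapshot):
    """Consolidate all non-normal nodes into one list, most severe first."""
    alerts = [(lvl, node, procs)
              for node, (lvl, procs) in node_status(snapshot).items()
              if lvl != "normal"]
    return sorted(alerts, key=lambda a: (LEVELS.index(a[0]), a[1]))

# Constructed sample: process names reported by each node.
SAMPLE = {
    "node01": ["sshd", "crond", "pbs_mom", "backup_agent"],
    "node02": ["sshd", "crond", "pbs_mom", "backup_agent", "nc"],
    "node03": ["sshd", "crond", "pbs_mom", "evil_daemon"],
    "node04": ["sshd", "pbs_mom", "backup_agent"],
    "node05": ["sshd", "crond", "pbs_mom"],
}

if __name__ == "__main__":
    for level, node, procs in alert_view(SAMPLE):
        print(f"{level:<10} {node}  {', '.join(procs)}")
```

The same unlisted process rates differently depending on how many nodes run it, which is the kind of judgment that only makes sense when the cluster is evaluated as a whole.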
Advantages of NVisionCC:
1) Tailored specifically for Cluster security.
2) Is near real-time, thus security status can be continuously monitored.
3) Allows easy visualization with ‘deeper’ views for the selected host/node in
the cluster.
CONCLUSION:
Dealing only with functional requirements is no longer enough to build software that can
reflect all the complexity that software may have nowadays. It’s essential to develop
methods that allow the treatment of non-functional requirements in tandem with the
functional requirements. Cluster security is a critical non-functional requirement that has
to be addressed differently from network security. NVisionCC (although still in testing
phase) is designed effectively, keeps focus on cluster security as an independent topic of
concern and leverages the Situational Awareness of the human mind to simplify the
representation of cluster data and thus the monitoring of the security of a cluster.
REFERENCES:
[1] The Unified Software Development Process by Ivar Jacobson, Grady Booch and
James Rumbaugh, Addison-Wesley, 1999
[2] Martin L. Barrett, Putting Non-Functional Requirements to Good Use
[3] Luiz Marcio Cysneiros, Using UML to Reflect Non-Functional Requirements
[4] http://www.ncassr.org/projects/sift/
[5] http://www.ncassr.org/projects/cluster-sec/
[6] Raquel Hill, Jun Wang, Klara Nahrstedt, Towards a Framework for Quantifying
Non-Functional Requirements
[7] Processes for producing secure software; Summary of US National Cybersecurity
Summit Subgroup Report.
[8] William Yurcik, Gregory A. Koenig, Xin Meng, Joseph Greenseid; Cluster Security as a
Unique Problem with Emergent Properties: Issues and Techniques