A software engineering support methodology based on security and privacy compliance requirements

2021 ◽  
Author(s):  
Wagner Santos
Keyword(s):  
Software Engineering ◽  
Security And Privacy ◽  
Compliance Requirements

scholarly journals SEF4CPSIoT Software Engineering Framework for Cyber-Physical and IoT Systems

2021 ◽  
Vol 5 (1) ◽  
pp. 1-24
Author(s):  
Muthu Ramachandran
Keyword(s):  
Software Engineering ◽  
Smart Home ◽  
Cyber Physical Systems ◽  
Classification Model ◽  
Security And Privacy ◽  
Physical Systems ◽  
Iot Applications ◽  
Communications Technologies ◽  
Efficient Control ◽  
Efficient Integration

Cyber-physical systems (CPS) have emerged to address the need for more efficient integration of modern advancement in cyber and wireless communications technologies such as 5G with physical objects. In addition, CPSs systems also needed to efficient control of security and privacy when we compare them with internet of things (IoT). In recent years, we experienced lack of security concerns with smart home IoT applications such as home security camera, etc. Therefore, this paper proposes a systematic software engineering framework for CPS and IoT systems. This paper also proposed a comprehensive requirements engineering framework for CPS-IoT applications which can also be specified using BPMN modelling and simulation to verify and validate CPS-IoT requirements with smart contracts. In this context, one of the key contribution of this paper is the innovative and generic requirements classification model for CPS-IoT application services, and this can also be applied to other emerging technologies such as fog, edge, cloud, and blockchain computing.

2-SQUARE

2013 ◽  
Vol 1 (1) ◽  
pp. 41-53 ◽  
Author(s):  
Alan Lai ◽  
Cui Zhang ◽  
Senad Busovaca
Keyword(s):  
Software Engineering ◽  
Requirements Engineering ◽  
Security And Privacy ◽  
Engineering Process ◽  
Privacy Requirements ◽  
Requirements Engineering Process ◽  
Daunting Task ◽  
Process Guidance ◽  
Engineering Institute

This paper presents a highly flexible and expandable tool called 2-SQUARE in support of the SQUARE methodology for security and privacy requirements engineering developed by the Software Engineering Institute at Carnegie Mellon University. Security and privacy requirements engineering can be a daunting task even with the proper expertise. 2-SQUARE aims at making it straightforward to perform requirements engineering regardless of expertise by providing flexible workflows and process guidance. 2-SQUARE also facilitates communication between requirements engineers and stakeholders throughout the requirements engineering process.

scholarly journals Cloud Security - A Semantic Approach in End to End Security Compliance

2017 ◽  
Vol 5 (2) ◽  
pp. 97-106
Author(s):  
VNS Surendra Chimakurthi
Keyword(s):  
Security Policy ◽  
Service Providers ◽  
Cloud Service ◽  
Cloud Security ◽  
Cloud Services ◽  
Security Requirements ◽  
Security And Privacy ◽  
Cloud Service Providers ◽  
Compliance Requirements ◽  
Cloud Users

Many firms are seeing the benefits of moving to the cloud. For the sake of their customers' data, cloud service providers are required by law to maintain the highest levels of data security and privacy. Most cloud service providers employ a patchwork of security and privacy safeguards while industry standards are being created. The upshot is that customers of cloud services are unsure whether or not the security protections supplied by these services are enough to meet their specific security and compliance requirements. In this article, we have discussed the many threats cloud users face and emphasized the compliance frameworks and security processes that should be in place to minimize the risk. To categorize cloud security measures, risks, and compliance requirements, we developed an ontology. We needed to design software to identify the high-level policy rules that must be applied in response to each danger as part of this initiative. Additionally, the program provides a list of cloud service providers that now satisfy specific security requirements. Even if they aren't familiar with the underlying technology, cloud users may utilize our system to build up their security policy and identify compatible providers.

Security and Privacy Requirements for the Internet of Things

2021 ◽  
Vol 2 (1) ◽  
pp. 1-37
Author(s):  
Nada Alhirabi ◽  
Omer Rana ◽  
Charith Perera
Keyword(s):  
Software Engineering ◽  
Internet Of Things ◽  
Development Process ◽  
Security And Privacy ◽  
Functional Requirements ◽  
Application Development ◽  
Privacy Requirements ◽  
Iot Applications ◽  
Different Types ◽  
Software And Hardware

The design and development process for internet of things (IoT) applications is more complicated than that for desktop, mobile, or web applications. First, IoT applications require both software and hardware to work together across many different types of nodes with different capabilities under different conditions. Second, IoT application development involves different types of software engineers such as desktop, web, embedded, and mobile to work together. Furthermore, non-software engineering personnel such as business analysts are also involved in the design process. In addition to the complexity of having multiple software engineering specialists cooperating to merge different hardware and software components together, the development process requires different software and hardware stacks to be integrated together (e.g., different stacks from different companies such as Microsoft Azure and IBM Bluemix). Due to the above complexities, non-functional requirements (such as security and privacy, which are highly important in the context of the IoT) tend to be ignored or treated as though they are less important in the IoT application development process. This article reviews techniques, methods, and tools to support security and privacy requirements in existing non-IoT application designs, enabling their use and integration into IoT applications. This article primarily focuses on design notations, models, and languages that facilitate capturing non-functional requirements (i.e., security and privacy). Our goal is not only to analyse, compare, and consolidate the empirical research but also to appreciate their findings and discuss their applicability for the IoT.

scholarly journals Software engineering based secured E-payment system

2021 ◽  
Vol 11 (5) ◽  
pp. 4413
Author(s):  
Muayad Sadik Croock ◽  
Rawan Ali Taaban
Keyword(s):  
Neural Network ◽  
Software Engineering ◽  
Key Management ◽  
Back Propagation ◽  
Payment System ◽  
Security And Privacy ◽  
Payment Systems ◽  
The Neural Network ◽  
Efficient Performance ◽  
Money Transfer

Nowadays, the E-payment systems have been considered to be the safe way of money transfer in most of modern institutes and companies. Moreover, the security is important side of these systems to ensure that the money transfer is done safely. Software engineering techniques are used for guaranteeing the applying of security and privacy of such systems. In this paper, a secure E-payment system is proposed based on software engineering model and neural network technology. This system uses different proposed algorithms for applying authentication to the devices of users as mobile application. They are used to control the key management in the system. It uses the neural network back-propagation method for ensuring the security of generated keys that have sufficient random levels. The proposed system is tested over numerous cases and the obtained results show an efficient performance in terms of security and money transfer. Moreover, the generated keys are tested according to NIST standards.

Abstraction: An alternative neurocognitive account of recognition, prediction, and decision making

2020 ◽  
Vol 43 ◽  
Author(s):  
Valerie F. Reyna ◽  
David A. Broniatowski
Keyword(s):  
Decision Making ◽  
Software Engineering ◽  
Systems Engineering ◽  
Evidence Based ◽  
Extensive Literature ◽  
Trace Theory ◽  
Fuzzy Trace Theory ◽  
Abstract Representations ◽  
Technical Systems

Abstract Gilead et al. offer a thoughtful and much-needed treatment of abstraction. However, it fails to build on an extensive literature on abstraction, representational diversity, neurocognition, and psychopathology that provides important constraints and alternative evidence-based conceptions. We draw on conceptions in software engineering, socio-technical systems engineering, and a neurocognitive theory with abstract representations of gist at its core, fuzzy-trace theory.

Sign in / Sign up

Export Citation Format

Share Document