This paper proposes an extension to RUP that deals with security. It was noted that RUP doesn't deal with security directly; instead, it's documented through supplementary requirements. The idea, then, was to have security directly involved in the process. Instead of using UML (Unified Modeling Language) to model the process, this paper uses UMA (Unified Modeling Architecture), which combines concepts from various sources. Security becomes directly involved by being a discipline that follows activities, tasks, roles, and work products.
Extending RUP was chosen over customizing it because customization could get difficult, since there are workflows that interact with each other. There are 6 activities proposed: Security Plan Development, Misuse Cases Definition, Threat Identification and Analysis, Security Requirements Definition, Security Policy, Architecture Refinement for Security, and Security Test Elaboration.
There are five roles proposed: Security Manager, Security Engineer, Security Software Architect, Security Manager, and Security Tester. There are quite a few work products, which can be read in the paper. An example is given of how a system was built with the proposed extension.