198 Dependable Requirements Engineering and Change Management of Security-Critical ICT-Driven Systems (PSAM-0101) Available to Purchase

Especially within Information and Communication Technologies (ICT) and their applications in different branches, several approaches have been proposed towards a better system development process.

Nevertheless, despite the availability of detailed guidelines behind each approach (also called life cycle model), none links the concept of requirement to other development stages than the very first stages of the development process, i.e., where the business case and the overall requirements are defined. Furthermore, the models do not offer guidelines on how to achieve traceability among these requirements. Also, if system properties are addressed at all, the implied concern is almost entirely on functional and operational aspects, and not other dependability factors such as safety, security, reliability, flexibility and maintainability. To exemplify, there exist no instructions on how the security issues associated with the specific system architecture or application domain can influence the length of a certain development stage, or the amount of certain sub-activities during the iteration. The lack of addressing dependability factors in available life cycle models explains also why the concept of risk and risk analysis has not been an issue to take into account for these models.

In order to remain informative, communicative and applicable for several groups of users, systems driven by ICT (Information and Communication Technology) usually offer a relatively high degree of application possibilities. The systems are typically open-ended or have interfaces with open-ended systems, and must therefore be secured against possible threats or malevolent actions. The introduction and management of even minor changes in such systems can lower the system applicability or make the system potentially dangerous to use. In the first case, the reason could be a new security countermeasure that lacks accounting for all impacts on the system. In the latter case, the reason could be that a change has made a security guard practically useless.

Change management is closely related to the dependability of the approach used for carrying out the system development process (system life cycle) and the system itself, the product. All life cycle models, however, lack indications on how to carry out the development process. This paper suggests that the remedy for the problem lies in how to perceive the discipline of requirements engineering. The paper suggests that assuming the discipline to deal with not only the higher stages (levels or phases) of the system life cycle but also all other stages indeed offer the answer to how a system development process is in practice followed. Applying the concept of requirement to all levels of the system life cycle while requirements engineering will force the engineer to specify how each level of a V, Spiral, Water Fall or RUP model is carried out and what are the links amongst the levels.

Clear and sound change management mechanisms are necessary to ensure the dependability of the task of requirements engineering, given the task is understood as suggested in this work. Typically, the requirements at each stage of the system development process undergo many changes before the development is completed. These changes may be due to changes in the prospected operation environment, but may also happen simply as a result of improved insight during the development or a desire to incorporate technological advances into the development stages (use of new methods, procedures, tools, etc.). Thus, it appears that change management mechanisms themselves depend highly on whether they utilise requirements traceability mechanisms.

This paper brings into focus the influence of dependable requirements engineering and change management in the dependability of specially security-critical ICT-driven systems, and suggests efforts towards a unified framework for taking into account the correlations and conflicts between security and other system dependability factors (safety, reliability, accessibility, flexibility, user-friendliness, etc.) when engineering the ICT-driven systems and when introducing changes in the original requirements defined at different levels of the systems' development process.