Gustavsson, Jens
Publications (7 of 7)
Wilander, J. & Gustavsson, J. (2007). The Impact of Neglecting Domain-Specific Security and Privacy Requirements. In: Proceedings of the 12th Nordic Workshop on Secure IT Systems (Nordsec 2007). Paper presented at The 12th Nordic Workshop on Secure IT Systems (Nordsec 2007), October 11-12, 2007, Reykjavik, Iceland.
2007 (English). In: Proceedings of the 12th Nordic Workshop on Secure IT Systems (Nordsec 2007), 2007. Conference paper, Published paper (Other academic)
Abstract [en]

In a previous field study of eleven software projects including e-business, health care and military applications we documented current practice in security requirements. The overall conclusion of the study was that security requirements are poorly and inconsistently specified. However, two important questions remained open: what are the reasons for the inconsistencies, and what is the impact of such poor security requirements? In this paper we seek the answers by performing in-depth interviews with three of the customers from the previous study. The interviews show that mature producers of software (in this case IBM, Cap Gemini, and WM-Data) compensate for poor requirements in areas within their expertise, namely software engineering. But in the case of security and privacy requirements specific to the customer domain, such compensation is not found. In all three cases this has led to security and/or privacy flaws in the systems. Our conclusion is that special focus needs to be put on domain-specific security and privacy needs when eliciting customer requirements.

Keywords
security and privacy requirements, requirements engineering
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-90026 (URN)
Conference
The 12th Nordic Workshop on Secure IT Systems (Nordsec 2007), October 11-12, 2007, Reykjavik, Iceland
Available from: 2013-03-15 Created: 2013-03-15 Last updated: 2018-01-11
Gustavsson, J. & Österlund, M. (2005). Requirements on Maintainability of Software Systems. In: Fifth Conference on Software Engineering Research and Practice in Sweden, 2005 (pp. 39-47).
2005 (English). In: Fifth Conference on Software Engineering Research and Practice in Sweden, 2005, 2005, p. 39-47. Conference paper, Published paper (Refereed)
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-30754 (URN), 16371 (Local ID), 16371 (Archive number), 16371 (OAI)
Available from: 2009-10-09 Created: 2009-10-09 Last updated: 2018-01-13
Wilander, J. & Gustavsson, J. (2005). Security Requirements---A Field Study of Current Practice. In: Symposium on Requirements Engineering for Information Security, 2005. Paper presented at 13th IEEE International Requirements Engineering Conference, August 29th-September 2nd, Paris, France.
2005 (English). In: Symposium on Requirements Engineering for Information Security, 2005, 2005. Conference paper, Published paper (Refereed)
Abstract [en]

The number of security flaws in software is a costly problem. In 2004 more than ten new security vulnerabilities were found in commercial and open source software every day. More accurate and consistent security requirements could be a driving force towards more secure software. In a field study of eleven software projects including e-business, health care and military applications we have documented current practice in security requirements. The overall conclusion is that security requirements are poorly specified due to three things: inconsistency in the selection of requirements, inconsistency in level of detail, and almost no requirements on standard security solutions. We show how the requirements could have been enhanced by using the ISO/IEC standard for security management.

Keywords
security requirements, requirements engineering, public procurement
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-29496 (URN), 14851 (Local ID), 14851 (Archive number), 14851 (OAI)
Conference
13th IEEE International Requirements Engineering Conference, August 29th-September 2nd, Paris, France
Available from: 2009-10-09 Created: 2009-10-09 Last updated: 2018-01-13. Bibliographically approved
Gustavsson, J., Staijen, T. & Assmann, U. (2004). Runtime Evolution as an Aspect. In: First International Workshop on Foundations of Unanticipated Software Evolution, 2004.
2004 (English). In: First International Workshop on Foundations of Unanticipated Software Evolution, 2004, 2004. Conference paper, Published paper (Refereed)
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-22639 (URN), 1925 (Local ID), 1925 (Archive number), 1925 (OAI)
Available from: 2009-10-07 Created: 2009-10-07 Last updated: 2018-01-13
Gustavsson, J. (2004). Strategies for Handling the Activity Problem in Runtime Software Evolution by Reducing Activity. In: International Conference on Software Maintenance, 2004 (pp. 525).
2004 (English). In: International Conference on Software Maintenance, 2004, 2004, p. 525-. Conference paper, Published paper (Refereed)
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-22641 (URN), 1927 (Local ID), 1927 (Archive number), 1927 (OAI)
Available from: 2009-10-07 Created: 2009-10-07 Last updated: 2018-01-13
Gustavsson, J. (2003). A Classification of Unanticipated Runtime Software Changes in Java. In: International Conference on Software Maintenance, 2003. IEEE Computer Society
2003 (English). In: International Conference on Software Maintenance, 2003, IEEE Computer Society, 2003. Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
IEEE Computer Society, 2003
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-30755 (URN), 16372 (Local ID), 16372 (Archive number), 16372 (OAI)
Available from: 2009-10-09 Created: 2009-10-09 Last updated: 2018-01-13
Gustavsson, J. (2003). Towards unanticipated runtime software evolution. (Licentiate dissertation). Linköping: Linköpings universitet
2003 (English). Licentiate thesis, monograph (Other academic)
Abstract [en]

For some software systems with high availability requirements, it is not acceptable to have the system shut down when a new version of it is to be deployed. An alternative is to use unanticipated runtime software evolution, which means making changes to the software system while it is executing. We propose a classification of unanticipated runtime software changes. Our classification consists of a code change aspect, a state change aspect, an activity aspect and a motivation aspect. The purpose of the classification is to get a greater understanding of the nature of such changes, and to facilitate an abstract view of them. We also present a case study, where historical changes to an existing software system have been categorized according to the classification. The data from the case study gives an indication that the Java Platform Debugger Architecture, a standard mechanism in Java virtual machines, is a viable technical foundation for runtime software evolution systems.

We also discuss taxonomies of unanticipated runtime software evolution and propose an extension to the concept of validity of runtime changes. 

Place, publisher, year, edition, pages
Linköping: Linköpings universitet, 2003. p. 86
Series
Linköping Studies in Science and Technology. Thesis, ISSN 0280-7971 ; 1008
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-42652 (URN), 67661 (Local ID), 91-7373-630-9 (ISBN), 67661 (Archive number), 67661 (OAI)
Presentation
2003-04-29, John von Neumann (f.d. Belöningen), Hus B, Linköpings universitet, Linköping, 13:15 (Swedish)
Available from: 2009-10-10 Created: 2009-10-10 Last updated: 2018-01-12