Software requirements and architecture modeling for evolving non-secure applications into secure applications

Michael E. Shin, Hassan Gomaa

Research output: Contribution to journalArticle

20 Scopus citations


This paper describes an approach to modeling the evolution of non-secure applications into secure applications in terms of the software requirements model and software architecture model. The requirements for security services are captured separately from application requirements, and the security services are encapsulated in connectors in the software architecture, separately from the components providing functional services. The enterprise architecture is described in terms of use case models, static models, and dynamic models. The software architecture is described in terms of components and connectors, which can be deployed to distributed configurations. By separating application concerns from security concerns, the evolution from a non-secure application to a secure application can be achieved with less impact on the application. An electronic commerce system is described to illustrate the approach.

Original languageEnglish
Pages (from-to)60-70
Number of pages11
JournalScience of Computer Programming
Issue number1
StatePublished - Apr 15 2007



  • Application system
  • Evolution
  • Security
  • Software architecture
  • Software requirements

Cite this