RE in Practice
or “How can it possibly be so hard to apply RE in real world projects”
Dominik Richter
Why am I here today?
• You will have great job opportunities
• You will have to decide what you want to do. What's the most interesting to you.
I can give you my perspective on RE and why I like it so much.
© 2018 International Business Machines Corporation | Page 3
Dominik Richter
Senior Technical Consultant
Computer Science M.Sc.
Studies
Project: SecuTABLET
Hobbies
Technical Consultant
Sports
• Judo
• Freeletics
• Running
Organizing summer camps for teenagers
Project: Electronic Health Record (Elektronische Gesundheitsakte)
A1
Project: Mobile Terminal (Mobiles Terminal)
Agenda
This presentation comprises my lessons learned over the course of three projects (2.5 years)
• Security Requirements: Is that a thing!?
• Business Analysis @ DB: RE in a 40-people agile project
• RE & Agile: Does SCRUM solve all problems?
• Starting @IBM: Some insights on being a consultant at IBM
Security Requirements: Is that a thing?
Based on the experiences during the project “SecuTABLET”, which is also introduced in the following.
Who is involved?
SecuTABLET is developed by Secusmart, Blackberry and IBM, in cooperation with Samsung.
Development
Contents
To understand SecuTABLET, we’ll take a look at three perspectives.
• User’s Perspective
• Risk Owner’s Perspective
• Developer’s Perspective
Dealing with those requirements is what I remembered from this lecture
The amount of work related to those requirements was quite surprising
• Conceptual Idea
• Implementation
• Challenges
The User‘s Perspective
From the user’s perspective, SecuTABLET provides an additional “secure space” with higher security.
The Risk Owner‘s Perspective
From the risk owner’s perspective, it is crucial that several restrictions are applied to the “secure space”
Developer’s Perspective (conceptual)
From the developer’s perspective, SecuCONNECT, SecuSTORE and the SPL build the solution.
Diagram components: SecuSTORE, Secure Smartcard, SecuCONNECT, Security Policy Layer, Private App, Secure App
• Trusted App Store; manages security settings; integrates SSC
• Enforces security policies: encryption, VPN usage, …
• “Unmodified App”: calls are intercepted; re-signed
• Unmodified App
• Provides VPN access to enterprise backend
Ok, I get the idea. So what’s the deal with “security requirements” now? Isn’t that the same as every functional requirement?
Nope.
Federal Office for Information Security
Depending on the required security level, there is a corresponding approval process that needs to be followed.
Also, the requirements are not only about security features of the product, but also requirements imposed on the development process.
Security levels. An overview.
There are several security levels. SecuTABLET “only” needs “VS-NfD” approval.
• Streng geheim (“Top secret”)
• Geheim (“Secret”)
• Verschlusssache - Vertraulich (“Confidential”)
• Verschlusssache – Nur für den Dienstgebrauch (“Restricted”)
VS-NfD approval process
The BSI is a federal office. So I bet the approval process is well documented.
That’s right.
… just take care of all requirements one after another.
VS-NfD approval process: Key concepts – Definition of Security
For obvious reasons, we don’t want to discuss the whole process in detail today…
Device
Software
TOE
Is this secure?
How secure is the ?
VS-NfD approval process - breakdown
The approval process imposes many requirements on the development process
• Security target document
• Functional Testing
• Even more requirements
• Even more requirements
• Even more requirements
Quick glance at Security Target document (ST) and Functional Testing (ATE_FUN)
The ST describes what the TOE needs to be protected against.
Security target document
• Security Problem Definition
• Security Objectives
(ASE_SPD.NfD.1D) The developer shall provide a security problem definition.
(ASE_SPD.NfD.1C) The security problem definition shall describe the threats.
(ASE_SPD.NfD.2C) All threats shall be described in terms of a threat agent, an asset, and an adverse action.
ATE_FUN provides evidence that the desired security requirements are met.
Functional Testing
(ATE_FUN.NfD.1D) The developer shall test the TSF and document the results. …
(ATE_FUN.NfD.1C) The test documentation shall consist of test plans, expected test results and actual test results.
(ATE_FUN.NfD.2C) The test plans shall identify the tests to be performed and describe the scenarios for performing each test. [..]
With such a focus on security, where does this leave all other requirements?
Definition of Security
While we need to adhere to security requirements, we are on the client’s side, supporting features.
• Client: Extension of functionality
• BSI: Security requirements (imply reduction of functionality)
• We are here
Lessons Learned
For security-related products, managing the balance and expectations is even more important
• “Security Requirements” may define one of two kinds of requirements
– Security features of a product
– Requirements with respect to the development process, needed for security approval
• Security Requirements need to be defined upfront
– What are the attack scenarios?
– Whom can I trust?
– How high are our security needs?
• User expectations must be managed accordingly and right from the start
Business Analysis @ Deutsche Bahn: Requirements Engineering in an agile 40-people project
Based on the experiences during the project “Mobiles Terminal” (Mobile Terminal), which is also introduced in the following.
What is the Mobile Terminal?
• Android tablet with special hardware, incl.
– Printer
– Smartcard-Reader
– Secure Access Module
– Scanner
• Used to check and sell (rail-) tickets
The Mobile Terminal (MT) is an Android Tablet used to check and sell rail tickets
Ongoing development to add new features, e.g. Komfort-Check-in (KCI)
Team Structure & Tasks
There are 4 SCRUM teams, coordinated by 3 additional roles
• SCRUM Team: Dev Team, Business Analyst (BA), Tester, PO, Scrum Master
• SCRUM teams: Team 1, Team 2, Team 3, Team 4
• Additional roles: System Architect, Chief Product Owner, Release Train Engineer
The Tasks of a Business Analyst (BA)
In this project, the BA role comprises the tasks of a Requirements Engineer
The BA’s responsibilities are to
• Define and refine features
• Break them down into user stories with acceptance criteria
• Communicate with stakeholders
• Collaborate with the developers
• Document what is implemented
Feature: “DBonICE Wifi”
For train attendants
who use the MT
the feature DBonICE Wifi
is a connectivity improvement to use Wifi
rather than only using cellular data
User Story 1
As train attendant
I want to connect to the DBonICE wifi
so that I have a more reliable data connection
User Story n
…
Diagram labels: BA, Stakeholder, PO, Dev Team, Documentation
Lessons Learned
Requirements Engineering (and consulting) is a people business.
• Writing good features and US is hard. Also, your client does not know how to do it. Better learn it now.
• Don’t let your developers talk to your client without strict supervision. They are nice guys and commit to much more than you want.
• Technical knowledge and understanding are the basis of what you are doing. Your main work is with people. Learn how to deal with them.
RE & Agile: Does SCRUM solve all problems?
Based on the experiences during the project “Elektronische Gesundheitsakte” (Electronic Health Record), which is also introduced in the following.
Elektronische Gesundheitsakte (eGA) [electronic health record] at a glance.
The eGA is realized with apps for iOS & Android plus backend systems.
• eGA Mobile App (iOS / Android)
• eGA Backend System
• TK Backend system
What does Agile NOT mean
Agile is hyped a lot. Therefore, a lot of people have too high expectations
RE in Agile projects
The Product Owner & Backlog act as a valve between two worlds: “Push” & “Pull”
https://www.youtube.com/watch?v=LDPc1fyFVbY
Agile RE gone wrong
Pressure is what kills effective requirements management (and development, for that matter).
Lessons learned
Agile has a lot of potential to improve RE in a project (but that doesn’t mean it always does)
• Agile is hyped a lot. Therefore, a lot of people have too high expectations
• Pressure is what kills effective requirements management.
– Leads to frequently changing prioritization
– Leaves the developers frustrated
• The PO’s role is crucial not only to create & prioritize tasks, but also to make sure stories are not pushed onto the developers
• Agile requires a lot of organizational change, which is why (especially) big companies – both manufacturers and clients – struggle with it
Starting @IBM: Some insights on being a consultant at IBM
A consultant’s week
There is no ‘typical day’ in a life of a consultant, but here’s a rough week overview.
[Figure: week overview, Mon to Fri, with a 06:00 / 12:00 / 18:00 time axis; labels include “Getting up”, “Check out” and “WEEKEND!”]
Consulting by Degree
Consulting by Degree provides amazing trainings which help you shape your profile.
• Consulting by Degree is a development program for graduates
• Focused training, one-on-one mentoring, …
• Practical experience from Day 1
• Promotion after <= 2 years
Thank you for your attention. Questions?
Dominik [email protected]
Mobile: +49-160-8879183
RE in Practice
Dominik Richter