RE in Practice - Software engineering€¦ · RE in Practice or. Why am I here today? ... Scrum Master System Architect Chief Product Owner Release Train ... The Tasks of a Busines

”How can it possibly be so hard to apply RE in real world projects” Dominik Richter

RE in Practiceor

Why am I here today?

• You will have great job opportunities

• You will have to decide what you want to do.What's the most interesting to you.

I can give you my perspective on REand why I like it so much.

© 2018 International Business Machines Corporation | Page 3

Dominik RichterSenior Technical

Consultant

Computer ScienceM.Sc.

Studies

Project: SecuTABLET

Hobbies

Technical Consultant

Sports• Judo• Freeletics• Running

Organizing summer camps for teenagers

Project: Electronic Health Record(Elektronische Gesundheitsakte)

A1

Project: Mobile Terminal(Mobiles Terminal)


Business Analysis @ DBRE in a 40-people agile project

RE & AgileDoes SCRUM solve all problems?

Starting@IBMSome insights on being a

consultant at IBM

Security RequirementsIs that a thing!?

Agenda

This presentation comprises my lessons learned over the course of three projects (2.5 years)

Is that a thing?Security Requirements

Based on the experiences during the project “SecuTABLET”, which is also introduced in the following.


Who is involved?

SecuTABLET is developed by Secusmart, Blackberry and IBM, in cooperation with Samsung.

Development


Contents

7

User‘s Perspective

Risk Owner‘s

Perspective

Developer‘s

Perspective

Dealing with those requirements is

what I remembered from this lecture

The amount of work related to those

requirements was quite surprising

• Conceptual Idea

• Implementation

• Challenges

To understand SecuTABLET, we’ll take a look at three perspectives.


The User‘s Perspective

From the user’s perspective, Secutablet provides an additional “secure space” with higher security.

8

User‘s Perspective


The Risk Owner‘s Perspective

From the risk owner’s perspective, it is crucial that several restrictions are applied to the “secure space”

9

Risk Owner‘s Perspective


Developer’s Perspective (conceptual)

From the developers perspective, SecuCONNECT, SecuSTORE and the SPL build the solution.

10

SecuSTORE

Secure Smartcard

SecuCONNECT

Security Policy Layer Private App

Secure App

Trusted App StoreManages Security SettingsIntegrates SSC

Enforces Security Policies- Encryption- VPN Usage- …

„Unmodified App“- Calls are intercepted- Resigned

Unmodified App

Provides VPN Accessto enterprise backend

Developer‘s Perspective

Ok, I get the idea. So what’s the deal with “security requirements” now. Isn’t that the same as every functional requirement?

Nope.

Federal Office for Information Security

Nope.


Depending on the required security level, there is a

corresponding approval process that needs to be followed.

Nope.


Depending on the required security level, there is a corresponding approval process that needs to be

followed.

Also, the requirements are not only about security features of

the product, but also requirements imposed on the

development process


There are several security levels. SecuTABLET “only” needs “VS-NfD”-approvalSecurity levels. An overview.

Streng geheim(“Top secret”)

Geheim(“Secret”)

Verschlusssache - Vertraulich(“Confidential”)

Verschlusssache – Nur für den Dienstgebrauch

("Restriced")

VS-NfDapproval process

The BSI is a federal office.So I bet the approval process is well

documented.


That‘s right.

… just take care of all requirements one after another.


Device

Software

TOE

Is this secure?

For obvious reasons, we don’t want to discuss the whole process in detail today…VS-NfD approval process: Key concepts – Definition of Security


Device

Software

TOE

Is this secure?

VS-NfD approval process: Key concepts – Definition of Security


How secure is the ?

Device

Software

TOE

VS-NfD approval process: Key concepts – Definition of Security


The approval process imposes many requirements on the development processVS-NfD approval process - breakdown

Even more requirements



Security target

document

Functional Testing


The ST describes what the TOE needs to be protected against.Quick glance at Security Target document (ST) and Functional Testing (ATE_FUN)




Security target document

Functional TestingSecurity Problem Definition

Security Objectives


(ASE_SPD.NfD.1D) The developer shall provide a security problem definition.

(ASE_SPD.NfD.1C) The security problem definition shall describe the threats.

(ASE_SPD.NfD.2C) All threats shall be described in terms of a threat agent, an asset, and an adverse action.

The ST describes what the TOE needs to be protected against.Quick glance at Security Target document (ST) and Functional Testing (ATE_FUN)




Security target document

Functional TestingSecurity Problem Definition

Security Objectives


(ASE_SPD.NfD.1D) The developer shall provide a security problem definition.

(ASE_SPD.NfD.1C) The security problem definition shall describe the threats.

(ASE_SPD.NfD.2C) All threats shall be described in terms of a threat agent, an asset, and an adverse action.

ATE_FUN provides evidence that the desired security requirements are met.Quick glance at Security Target document (ST) and Functional Testing (ATE_FUN)




Security target document Functional Testing

Security Problem Definition

Security Objectives

(ATE_FUN.NfD.1D) The developer shall test the TSF and document the results. …(ATE_FUN.NfD.1C) The test documentation shall consist of test plans, expected test results and actual test results.

(ATE_FUN.NfD.2C) The test plans shall identify the tests to be performed and describe the scenarios for performing each test. [..]

With such a focus on security, where does this leave all other requirements?


While we need to adhere to security requirements, we are on the clients side, supporting features.Definition of Security

Client BSI

Security requirements(imply reduction of functionality)Extension of functionality

We arehere


For security-related products, managing the balance and expectations is even more importantLessons Learned

• “Security Requirements” may define one of two kinds of requirements– Security features of a product

– Requirements with respect to the development process, needed for security approval

• Security Requirements need to be defined upfront– What are the attack scenarios?

– Whom can I trust?

– How high are our security needs?

• User expectations must me managed in accordance and right from the start

Requirements Engineering in an agile 40-people projectBusiness Analysis @ Deutsche Bahn

Based on the experiences during the project “Mobiles Terminal” (Mobile Terminal), which is also introduced in the following.


What is the Mobile Terminal?

• Android tablet with special hardware, incl.

– Printer– Smartcard-Reader– Secure Access Module– Scanner

• Used to check and sell (rail-) tickets

The Mobile Terminal (MT) is an Android Tablet used to check and sell rail tickets

Ongoing development to add new features, e.g. Komfort-Check-in (KCI)


Team Structure & Tasks

Dev Team

Business

Analyst (BA)

TesterPO

Team 2

Team 3

Team 4

1Scrum

Master

System

Architect

Chief

Product Owner

Release Train

Engineer

There are 4 SCRUM teams, coordinated by 3 additional roles

SCRUM Team


The Tasks of a Busines Analyist (BA)

In this project, the BA role comprizes the tasks of a Requirement Engineer

The BA is responsible to

• Define and refine features

• Break them to user stories with

acceptance criteria

• Communicate with stakeholders

• Collaborate with the developers

• Document what is implemented

Feature: „ DBonICE Wifi“For train attendents

who use the MTthe feature DBonICE Wifi

is a connectivity improvement to use Wifirather than only using cellular data

User Story 1As train attendent

I want to connect to the DBonICE wifi

so that I have a more reliable data connection

User Story n

…

BA

Stakeholder

PO

Dev TeamDocumentation


Requirements Engineering (and consulting) is a people business.Lessons Learned

• Writing good features and US is hard. Also, your client does not know howto do it. Better learn it now.

• Don’t let your developers talk to your client without strict supervision. Theyare nice guys and commit to much more than you want.

• Technical knowledge and understanding are the basis of what you are doing.Your main work is with people. Learn how to deal with them.

Does SCRUM solve all problems?

RE & Agile

Based on the experiences during the project “Elektronische

Gesundheitsakte” (Electronic Health Record), which is also

introduced in the following.


The eGA is realized with apps for iOS & Android plus backend systems. Elektronische Gesundheitsakte (eGA) [electronic health record] at a glance.

eGA Mobile App(iOS / Android)

eGA Backend System

TK Backend system


Agile is hypted a lot. Therefore, a lot of people have too high expectationsWhat does Agile NOT mean


The Product Owner & Backlog act as valve between two worlds: “Push” & ”Pull”RE in Agile projects

https://www.youtube.com/watch?v=LDPc1fyFVbY

https://www.youtube.com/watch?v=LDPc1fyFVbY


Pressure is what kills effective requirements management (and development, for that matter).Agile RE gone wrong


Agile has a lot of potential to improve RE in a project (but that doesn’t mean it always does)Lessons learned

• Agile is hypted a lot. Therefore, a lot of people have too high expectations

• Pressure is what kills effective requirements management.– Leads to frequently changing prioritization

– Leaves the developers frustrated

• The PO’s role is crucial not only to create & prioritize tasks, but also tomake sure stories are not pushed onto the developers

• Agile requires a lot of organizational change, which is why (especially) bigcompanies – both manufacturer’s and clients – struggle with it

Some insights on being a consultant at IBMStarting @IBM


A consultant‘s week

There is no ‚typical day‘ in a life of a consultant, but here‘s a rough week overview.

Mon Tue Wed Thu Fri

06:00

12:00

18:00

Getting up

Getting up Getting up Check out

WEEKEND!

J


Consulting by Degree

• Consulting by Degree is a

Development program for graduates

• Focused training, one-on-one mentoring, …

• Practical experiencefrom Day 1

• Promotion after<= 2 years

Consulting by Degree provides amazing trainings which help you shape your profile.

© 2016 IBM Corporation 42

Thank you for your attention. Questions?

Dominik [email protected]

Mobile: +49-160-8879183

RE in PracticeDominik Richter


• http://www.taz.de/picture/93081/948/akten_08.jpg• https://www.youtube.com/watch?v=wYCFIMDYfDI• Bonus: “The Expert”: https://www.youtube.com/watch?v=BKorP55Aqvg

43

References

http://www.taz.de/picture/93081/948/akten_08.jpg

https://www.youtube.com/watch?v=wYCFIMDYfDI

https://www.youtube.com/watch?v=BKorP55Aqvg

Documents

RE in Practice - Software engineering€¦ · RE in Practice or. Why am I here today? ... Scrum Master System Architect Chief Product Owner Release Train ... The Tasks of a Busines