Emerging Trends in ICT Security: Chapter 13. Designing Trustworthy Software Systems Using the NFR Approach (Emerging Trends in Computer Science and Applied Computing)

Trustworthy systems are essential for critical operations—they ensure that reliability, usability, interoperability, and security are built into the systems, and that the systems deliver when they are most needed. There are environments where trustworthiness is an essential property in military, government, and civil domains. Examples include missile deployment control systems, the tax submission system of the federal government, and nuclear safety control systems. However, not many methods exist for the systematic engineering of trustworthy software systems. In this chapter we describe the application of the NFR Approach for designing a trustworthy software system. The NFR Approach, where NFR stands for “non-functional requirement,” treats trustworthiness as a goal to be achieved during the process of software development. The NFR Approach uses a structure called the Softgoal Interdependency Graph to capture the trustworthiness definition, depict architectural elements as softgoals, and rationalize the extent of trustworthiness in the design. Advantages of this approach include the ability to nurture consensus among multiple definitions of trustworthiness, capture design rationale, evaluate qualitatively the extent of trustworthiness achieved, and maintain historical records of design decisions. We apply the NFR Approach to design a trustworthy Phoenix system, which is a message-oriented middleware system used by the US Air Force.