Software requirements and architecture modeling for evolving non-secure applications into secure applications

This paper describes an approach to modeling the evolution of non-secure applications into secure applications in terms of the software requirements model and software architecture model. The requirements for security services are captured separately from application requirements, and the security services are encapsulated in connectors in the software architecture, separately from the components providing functional services. The enterprise architecture is described in terms of use case models, static models, and dynamic models. The software architecture is described in terms of components and connectors, which can be deployed to distributed configurations. By separating application concerns from security concerns, the evolution from a non-secure application to a secure application can be achieved with less impact on the application. An electronic commerce system is described to illustrate the approach.