In a software product line, security may need to be varied. Consequently, security variability must be managed both from the customer and product line architecture point of view. We utilize design science to build an artifact and a generalized design theory for representing and configuring security and functional variability from the requirements to the architecture in a configurable software product line. An open source web shop product line, Magento, is used as a case example to instantiate and evaluate the contribution. The results indicate that security variability can be represented and distinguished as countermeasures; and that a configurator tool is able to find consistent products as stable models of answer set programs.
Varvana Myllärniemi, Mikko Raatikainen (Aalto University), Tomi Männistö (University of Helsinki): Representing and Configuring Security Variability in Software Product Lines
Presented at QoSA’15