This package contains the foundational interfaces and classes of the RQCODE framework, implementing the Seamless Object-Oriented Requirements (SOOR) paradigm.
RQCODE represents security requirements as executable Java classes that combine:
- Natural language descriptions (statements)
- Verification logic (
check()method) - Optional enforcement logic (
enforce()method)
classDiagram
class Checkable {
<<interface>>
+check() CheckStatus
}
class Enforceable {
<<interface>>
+enforce() EnforcementStatus
}
class Requirement {
<<abstract>>
-statement: String
+getStatement() String
+setStatement(String) void
+check() CheckStatus
}
class EnforceableRequirement {
<<abstract>>
+enforce() EnforcementStatus
}
class CombinedRequirements {
<<abstract>>
#getRequirements() List~Requirement~
+check() CheckStatus
}
Checkable <|.. Requirement : implements
Requirement <|-- EnforceableRequirement : extends
Requirement <|-- CombinedRequirements : extends
Enforceable <|.. EnforceableRequirement : implements
The Checkable interface defines requirements that can be verified programmatically:
public interface Checkable {
CheckStatus check();
enum CheckStatus {
PASS, // Requirement is satisfied
FAIL, // Requirement is not satisfied
INCOMPLETE // Verification could not be performed
}
}The Enforceable interface defines requirements that can apply countermeasures:
public interface Enforceable {
EnforcementStatus enforce();
enum EnforcementStatus {
SUCCESS, // Enforcement applied successfully
FAILURE, // Enforcement failed
INCOMPLETE // Enforcement could not be performed
}
}The base class for all RQCODE requirements. Implements Checkable and provides:
- A
statementfield for the natural language description - Tracking of last check/enforcement status
- Abstract
check()method to be implemented by subclasses
public class MyRequirement extends Requirement {
public MyRequirement() {
super("The system must satisfy condition X");
}
@Override
public CheckStatus check() {
// Verification logic
return condition ? CheckStatus.PASS : CheckStatus.FAIL;
}
}Extends Requirement and implements Enforceable for requirements that can both verify and apply fixes:
public class MyEnforceableRequirement extends EnforceableRequirement {
public MyEnforceableRequirement() {
super("The system must have setting X enabled");
}
@Override
public CheckStatus check() {
// Check if setting X is enabled
}
@Override
public EnforcementStatus enforce() {
// Enable setting X
}
}An abstract class for composing multiple requirements. Implements a default check() that verifies all sub-requirements:
public class MyCombinedRequirement extends CombinedRequirements {
private Requirement req1 = new Requirement1();
private Requirement req2 = new Requirement2();
@Override
protected List<Requirement> getRequirements() {
return List.of(req1, req2);
}
}The combined check returns:
PASSonly if all requirements pass- The first non-passing status otherwise
Requirements are "seamless" because they bridge the gap between:
- Specification: Natural language statement describing what must hold
- Verification: Executable code that checks the requirement
- Enforcement: Optional code that fixes violations
RQCODE supports two reuse mechanisms:
- Inheritance: Extend existing requirements to add constraints
- Composition: Combine multiple requirements into one (via
CombinedRequirements)
- Sadovykh, A., et al. "Security requirements formalization with RQCODE." CyberSecurity in a DevOps Environment, Springer, 2023.
- Naumchev, A., Meyer, B. "Seamless requirements." Computer Languages, Systems & Structures, 2017.