Towards Building Secure Software Systems

10.28945/2957 ◽  
2006 ◽  
Author(s):  
Adesina Simon Sodiya ◽  
Sadia Adebukola Onashoga ◽  
Olutayo Bamidele Ajayi

Software security breaches are now extremely common, and a larger percentage is caused by software design defects. Since individuals and organizations now completely depend on software systems for their day-to-day operations, it is important to produce secure software products. This paper discusses the problems of producing secure software products and provides a model for improving software security. The model, the Secure Software Development Model (SSDM), is a unified model that integrates security engineering with software engineering so as to ensure effective production of secure software products. A supporting structure in the form of laws is also presented to guide developers throughout the development process. We then present our experience that validates the model.


Author(s):  
José Fonseca ◽  
Marco Vieira

This chapter presents a survey on the most relevant software development practices that are used nowadays to build software products for the web, with security built in. It starts by presenting three of the most relevant Secure Software Development Lifecycles, which are complete solutions that can be adopted by development companies: the CLASP, the Microsoft Secure Development Lifecycle, and the Software Security Touchpoints. However, it is not always feasible to change ongoing projects or replace the methodology in place. So, this chapter also discusses other relevant initiatives that can be integrated into existing development practices, which can be used to build and maintain safer software products: the OpenSAMM, the BSIMM, the SAFECode, and the Securosis. The main features of these security development proposals are also compared according to their highlights and the goals of the target software product.



2020 ◽  
Author(s):  
Yong Weixiong ◽  
Kohei Dozono ◽  
Robin Lee ◽  
Alvin Kon Soon Seng ◽  
Fatima tuz Zahra

This paper aims to discuss the standard guidelines of the development process of secure software and will give justification on different types and ways of the software development processes. Additionally, a survey is conducted, the aim of which is to observe user behavior towards software system usage, user attitude in terms of privacy and policy awareness, and security and privacy concerns. This is followed by a discussion on how to secure software systems in the development stage.



2014 ◽  
pp. 2099-2119
Author(s):  
Punam Bedi ◽  
Vandana Gandotra ◽  
Archana Singhal

This chapter discusses adoption of some proactive strategies in threat management for security of software systems. Security requirements play an important role for secure software systems which arise due to threats to the assets from malicious users. It is therefore imperative to develop realistic and meaningful security requirements. A hybrid technique has been presented in this chapter evolved by overlapping the strengths of misuse cases and attack trees for elicitation of flawless security requirements. This chapter also discusses an innovative technique using fuzzy logic as a proactive step to break the jinx of brittleness of present day security measures based on binary principle. In this mechanism, partially secure state evolved between safe state and failed state using fuzzy logic provides an alert signal to take appropriate additional preventive measures to save the system from entering into the failed state to the extent possible.



2009 ◽  
Vol 51 (7) ◽  
pp. 1152-1171 ◽  
Author(s):  
Bart De Win ◽  
Riccardo Scandariato ◽  
Koen Buyens ◽  
Johan Grégoire ◽  
Wouter Joosen


Author(s):  
Paulina Silva ◽  
René Noël ◽  
Santiago Matalonga ◽  
Hernán Astudillo ◽  
Diego Gatica ◽  
...  

Software security and development experts have addressed the problem of building secure software systems. There are several processes and initiatives to achieve secure software systems. However, most of these lack empirical evidence of their application and impact in building secure software systems. Two systematic mapping studies (SM) have been conducted to cover the existent initiatives for identification and mitigation of security threats. The SMs created were executed in two steps, first in 2015 July, and complemented through a backward snowballing in 2016 July. Integrated results of these two SM studies show a total of 30 relevant sources were identified; 17 different initiatives covering threats identification and 14 covering the mitigation of threats were found. All the initiatives were associated with at least one activity of the Software Development Lifecycle (SDLC); while 6 showed signs of being applied in industrial settings, only 3 initiatives presented experimental evidence of their results through controlled experiments. Some of the other selected studies presented case studies or proposals.



2011 ◽  
Vol 6 (1) ◽  
pp. 10-15 ◽  
Author(s):  
Daljit Kaur ◽  
Parminder Kaur ◽  
Hardeep Singh


2012 ◽  
Vol 3 (3) ◽  
pp. 23-49 ◽  
Author(s):  
Ayda Saidane ◽  
Nicolas Guelfi

The quality of software systems strongly depends on their architecture. For this reason, taking into account security requirements at the architecture level is crucial for the success of secure software development. Today, systems are permanently evolving due to customer needs, technology evolution or maintenance constraints. Thus, a resilient secure system is expected to evolve towards more satisfaction of its security requirements (Guelfi 2011). In particular, such evolution process should identify and eliminate faults and vulnerabilities during the development process or runtime. This study focuses on the design phases and aims to propose a resilient software engineering process guaranteeing the development of secure systems that satisfy their critical requirements. During the development process, the system is expected to evolve until reaching satisfactory compliance against its requirements. The satisfaction computation is based on the quantification of failures and degradations. In this paper, the authors propose a novel architecture model-based security testing approach for identifying faults and vulnerabilities. The originality of the proposal resides in the usage of the architecture model for security testing and in coupling security requirements with threat model for generating both security functional test cases and malicious test cases. The assessment of the security requirements’ satisfaction and the overall system resilience is based on the test traces analysis. Throughout this study, a client-server system is used as a running example for illustrating the approach.


