Software Security Engineering – Part I

2015 ◽  
pp. 459-494
Author(s):  
Issa Traore ◽  
Isaac Woungang

It has been reported in the literature that about twenty new software vulnerabilities are reported weekly. This situation has increased security awareness in the software community. Nowadays, software services are expected not only to satisfy functional requirements but also to resist malicious attacks. As demand for more trustworthy systems increases, the software industry is adjusting to security standards and practices by increasing its security assessment and testing effort. Even though there is a consensus that better software engineering means improving software quality in the early stages of software development, the various approaches proposed so far to analyze and quantitatively measure software security primarily address finished software products in their operational life. There are few achievements on how to reduce or effectively mitigate the security risks faced by software products during the development process. In this chapter, the authors introduce a novel model-driven perspective on secure software engineering, which seamlessly integrates software security analysis with traditional software development activities. A systematic security engineering process that starts in the early stages of the software development process and spans the entire software lifecycle is presented. Fundamental software security concepts and analysis techniques are also introduced, and several illustrative examples are presented, with a focus on security requirements and risk analysis.


Author(s):  
Anas AL-Badareen

Abstract: Since the idea of software reuse appeared in 1968, software reuse has become a software engineering discipline. Software reuse is one of the main techniques used to enhance the productivity of software development, as it helps reduce the time, effort, and cost of developing software systems and enhances the quality of software products. However, software reuse requires understanding, modifying, adapting and testing processes in order to be performed correctly and efficiently. This study aims to analyze and discuss the process of software reuse and to identify its elements, sources and usages. The alternatives for acquiring and using software assets, whether normal or reusable, are discussed. As a result of this study, four main methods are proposed for using the concept of reuse in the software development process. These methods are proposed based on the source of software assets, regardless of the types of software assets and their usages.


Author(s):  
Sampada G.C ◽  
Tende Ivo Sake ◽  
Amrita

Background: With the advancement in the field of software development, software poses threats and risks to customers’ data and privacy. Most of these threats are persistent because security is mostly considered as a feature or a non-functional requirement, not taken into account during the software development life cycle (SDLC). Introduction: In order to evaluate the security performance of a software system, it is necessary to integrate security metrics during the SDLC. The appropriate security metrics adopted for each phase of the SDLC aid in defining the security goals and objectives of the software as well as in quantifying the security of the software. Methods: This paper presents a systematic review and catalog of security metrics that can be adopted during the distinguishable phases of the SDLC, and of security metrics for vulnerability and risk assessment reported in the literature for secure development of software. The practices of these metrics enable software security experts to improve the security characteristics of the software being developed. The critical analysis of the security metrics of each phase and their comparison are also discussed. Results: Security metrics obtained during the development processes help to improve the confidentiality, integrity, and availability of software. Hence, it is imperative to consider security during the development of the software, which can be done with the use of software security metrics. Conclusion: This paper reviews the various security metrics that are meditated in the copious phases during the progression of the SDLC in order to provide researchers and practitioners with substantial knowledge for adaptation and further security assessment.


Sensors ◽  
2021 ◽  
Vol 21 (10) ◽  
pp. 3480
Author(s):  
Walter Takashi Nakamura ◽  
Iftekhar Ahmed ◽  
David Redmiles ◽  
Edson Oliveira ◽  
David Fernandes ◽  
...  

The success of a software application is related to users’ willingness to keep using it. In this sense, evaluating User eXperience (UX) became an important part of the software development process. Researchers have been carrying out studies by employing various methods to evaluate the UX of software products. Some studies reported varied and even contradictory results when applying different UX evaluation methods, making it difficult for practitioners to identify which results to rely upon. However, these works did not evaluate the developers’ perspectives and their impacts on the decision process. Moreover, such studies focused on one-shot evaluations, which cannot assess whether the methods provide the same big picture of the experience (i.e., deteriorating, improving, or stable). This paper presents a longitudinal study in which 68 students evaluated the UX of an online judge system by employing AttrakDiff, UEQ, and Sentence Completion methods at three moments along a semester. This study reveals contrasting results between the methods, which affected developers’ decisions and interpretations. With this work, we intend to draw the HCI community’s attention to the contrast between different UX evaluation methods and the impact of their outcomes in the software development process.


2018 ◽  
pp. 310-327
Author(s):  
Janis Osis ◽  
Erika Asnina

Experts' opinions exist that the way software is built is primitive. The role of modeling as a treatment for Software Engineering (SE) became more important after the appearance of Model-Driven Architecture (MDA). The main advantage of MDA is architectural separation of concerns that showed the necessity of modeling and opened the way for Software Development (SD) to become engineering. However, this principle does not demonstrate its whole potential power in practice, because of a lack of mathematical accuracy in the initial steps of SD. The question about the sufficiency of modeling in SD is still open. The authors believe that SD, in general, and modeling, in particular, based on mathematical formalism in all its stages together with the implemented principle of architectural separation of concerns can become an important part of SE in its real sense. They introduce such mathematical formalism by means of topological modeling of system functioning.


Author(s):  
Janis Osis ◽  
Erika Nazaruka (Asnina)

Some experts opine that software is built in a primitive way. The role of modeling as a treatment for the weakness of software engineering became more important when the principles of Model Driven Architecture (MDA) appeared. Its main advantage is architectural separation of concerns. It showed the necessity of modeling and opened the way for software development to become an engineering discipline. However, this principle does not demonstrate its whole potential power in practice because of lack of mathematical accuracy in the very initial steps of software development. The sufficiency of modeling in software development is still disputable. The authors believe that software development in general (and modeling in particular) based on mathematical formalism in all of its stages and together with the implemented principle of architectural separation of concerns can become an important part of software engineering in its real sense. They propose the formalism by topological modeling of system functioning as the first step towards engineering.


Author(s):  
Valerio Fernandes del Maschi ◽  
Luciano S. Souza ◽  
Mauro de Mesquita Spínola ◽  
Wilson Vendramel ◽  
Ivanir Costa ◽  
...  

Quality in software projects is related to deliveries that are fit for use and that meet the objectives. For this reason, Brazilian software development organizations, especially small and medium ones, need to demonstrate to future customers that they have a sufficient initial understanding of the business problem. This chapter aims to present the methodology, strategy, main phases and procedures adopted, as well as the results obtained, by a small software development organization in the implementation of a Customized Software Engineering Process and of a Process Support Tool in the period from 2004 to 2006, on the basis of the Rational Unified Process (RUP) and the Microsoft Solutions Framework (MSF).


Author(s):  
Petraq Papajorgji ◽  
Panos M. Pardalos

This chapter aims to present a new modeling paradigm that promises to significantly increase the efficiency of developing enterprise information systems. Currently, the software industry faces considerable challenges as it tries to build larger, more complex software systems with fewer resources. Although modern programming languages such as C++ and Java have in general improved the software development process, they have failed to significantly increase developers’ productivity. Thus, developers are considering other paths to address this issue. One of the potential paths is designing, developing and deploying enterprise information systems using the Model Driven Architecture (MDA). MDA is a model-centric approach that allows for modeling the overall business of an enterprise and capturing requirements for developing, deploying, integrating, and managing different kinds of software components without considering any particular implementation technology. At the center of this approach are models; the software development process is driven by constructing models representing the software under development. Code that expresses the implementation of the model in a certain underlying technology is obtained as a result of model transformation. Thus, the intellectual investment spent in developing the business model of an enterprise is not jeopardized by the continuous changes of the implementation technologies. Currently there are two main approaches to implementing MDA-based tools. One is based on the Object Constraint Language and the other on Action Language. An example of designing, developing and deploying an application using this new modeling paradigm is presented. The MDA approach to software development is considered the biggest shift since the move from Assembler to the first high-level languages.

