Software Security Engineering

2009 ◽  
pp. 2744-2759
Author(s):  
Mohammad Zulkernine ◽  
Sheikh I. Ahamed

The rapid development and expansion of network-based applications have changed the computing world in the last decade. However, this overwhelming success has an Achilles’ heel: almost every software-controlled system faces threats from potential adversaries both from internal and external users of the highly connected computing systems. These software systems must be engineered with reliable protection mechanisms, while still delivering the expected value of the software to their customers within the budgeted time and cost. The principal obstacle in achieving the above two different but interdependent objectives is that current software engineering processes do not provide enough support for the software developers to achieve security goals. In this chapter, we reemphasize the principal objectives of both software engineering and security engineering, and strive to identify the major steps of a software security engineering process that will be useful for building secure software systems. Both software engineering and security engineering are ever-evolving disciplines, and software security engineering is still in its infancy. This chapter proposes a unification of the process models of software engineering and security engineering in order to improve the steps of the software life cycle that would better address the underlying objectives of both engineering processes. This unification will facilitate the incorporation of the advancement of the features of one engineering process into the other. The chapter also provides a brief overview and survey of the current state of the art of software engineering and security engineering with respect to computer systems.


Author(s):  
Rita Suzana Pitangueira Maciel ◽  
Ana Patrícia F. Magalhães Mascarenhas ◽  
Ramon Araújo Gomes ◽  
João Pedro D. B. de Queiroz

The adoption of Model-Driven Development (MDD) is increasing and it is widely recognized as an important approach for building software systems. In addition to traditional development process models, an MDD process requires the selection of metamodels and mapping rules for the generation of the transformation chain which produces models and application code. However, existing support tools and transformation engines for MDD do not address different kinds of software process activities, such as application modeling and testing, to guide the developers. Furthermore, they do not enable process modeling nor the (semi) automated execution of activities during process enactment. MoDErNE (Model Driven Process-Centered Software Engineering Environment) uses process-centered software engineering environment concepts to improve MDD process specification and enactment by using a metamodeling foundation. This chapter presents model driven development concept issues and the MoDErNE approach and environment. MoDErNE aims to facilitate MDD process specification and enactment.


2008 ◽  
pp. 2462-2491 ◽  
Author(s):  
E. Yu ◽  
L. Liu ◽  
J. Mylopoulos

As software becomes more and more entrenched in everyday life in today’s society, security looms large as an unsolved problem. Despite advances in security mechanisms and technologies, most software systems in the world remain precarious and vulnerable. There is now widespread recognition that security cannot be achieved by technology alone. All software systems are ultimately embedded in some human social environment. The effectiveness of the system depends very much on the forces in that environment. Yet there are few systematic techniques for treating the social context of security together with technical system design in an integral way. In this chapter, we argue that a social ontology at the core of a requirements engineering process can be the basis for integrating security into a requirements-driven software engineering process. We describe the i* agent-oriented modelling framework and show how it can be used to model and reason about security concerns and responses. A smart card example is used to illustrate. Future directions for a social paradigm for security and software engineering are discussed.

