The Intelligent Software Systems: The Practical Implementation of Software Security Vulnerabilities Detection Modeling

OALib ◽  
2020 ◽  
Vol 07 (11) ◽  
pp. 1-7
Author(s):  
Musoni Wilson ◽  
Umutesi Liliane ◽  
Mbanzabugabo Jean Baptiste
2021 ◽  
Vol 2021 ◽  
pp. 1-19
Author(s):  
Raghavendra Rao Althar ◽  
Debabrata Samanta ◽  
Manjit Kaur ◽  
Abeer Ali Alnuaim ◽  
Nouf Aljaffan ◽  
...  

Security of the software system is a prime focus area for software development teams. This paper explores some data science methods to build a knowledge management system that can assist the software development team to ensure a secure software system is being developed. Various approaches in this context are explored using data of insurance domain-based software development. These approaches will facilitate an easy understanding of the practical challenges associated with actual-world implementation. This paper also discusses the capabilities of language modeling and its role in the knowledge system. The source code is modeled to build a deep software security analysis model. The proposed model can help software engineers build secure software by assessing the software security during software development time. Extensive experiments show that the proposed models can efficiently explore the software language modeling capabilities to classify software systems’ security vulnerabilities.


2007 ◽  
Vol 26 (3) ◽  
pp. 219-228 ◽  
Author(s):  
O.H. Alhazmi ◽  
Y.K. Malaiya ◽  
I. Ray

2014 ◽  
pp. 999-1013
Author(s):  
Alessandra Bagnato ◽  
Fabio Raiteri ◽  
Christian Jung ◽  
Frank Elberzhager

Security inspections are increasingly important for bringing security-relevant aspects into software systems, particularly during the early stages of development. Nowadays, such inspections often do not focus specifically on security, so the well-known and proven benefits of inspections are not exploited to their full potential with regard to security. This book chapter focuses on the application of Security Goal Indicator Trees (SGITs) for eliminating these shortcomings, the training that led to their creation in an industrial project environment, their usage, and their reuse by a team in industry. SGITs are a new approach for modeling and checking security-relevant aspects throughout the entire software development lifecycle. This book chapter describes the modeling of such security-goal-based trees as part of requirements engineering using the dedicated GOAT tool plug-in, and the retrieval of these models during the various phases of the software development lifecycle in a project by means of the Software Vulnerability Repository Services (SVRS) created in the European project SHIELDS (SHIELDS - Detecting known security vulnerabilities from within design and development tools).


Author(s):  
Huning Dai ◽  
Christian Murphy ◽  
Gail E. Kaiser

Many software security vulnerabilities only reveal themselves under certain conditions, that is, particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is fuzz testing. However, typical fuzz testing makes no guarantees regarding the syntactic and semantic validity of the input, or of how much of the input space will be explored. To address these problems, the authors present a new testing methodology called Configuration Fuzzing. Configuration Fuzzing is a technique whereby the configuration of the running application is mutated at certain execution points to check for vulnerabilities that only arise in certain conditions. As the application runs in the deployment environment, this testing technique continuously fuzzes the configuration and checks “security invariants” that, if violated, indicate a vulnerability. This paper discusses the approach and introduces a prototype framework called ConFu (CONfiguration FUzzing testing framework) for implementation. Additionally, the results of case studies that demonstrate the approach’s feasibility are presented along with performance evaluations.


Author(s):  
Stanley Loh ◽  
Daniel Lichtnow ◽  
Thyago Borges ◽  
Tiago Primo

According to Nonaka & Takeuchi (1995), the majority of organizational knowledge comes from interactions between people. People tend to reuse solutions from other persons in order to gain productivity. When people communicate to exchange information or acquire knowledge, the process is named Collaboration. Collaboration is one of the most important tasks for innovation and competitive advantage within learning organizations (Senge, 2001). It is important to record knowledge for later reuse and analysis. If knowledge is not adequately recorded, organized and retrieved, the consequence is re-work, low productivity and loss of opportunities. Collaboration may be realized through synchronous interactions (e.g., exchange of messages in a chat), asynchronous interactions (e.g., electronic mailing lists or forums), direct contact (e.g., two persons talking) or indirect contact (when someone stores knowledge and others can retrieve this knowledge in a remote place or time). In particular, chat rooms are becoming important tools for collaboration among people and knowledge exchange. Intelligent software systems may be integrated into chat rooms in order to help people in this collaboration task. For example, systems can identify the theme being discussed and then offer new information, or can remind people of existing information sources. This kind of system is called a recommender system. Furthermore, chat sessions carry implicit knowledge about what the participants know and how they view the world. Analyzing chat discussions makes it possible to understand what people are looking for and how people collaborate with each other. Intelligent software systems can analyze discussions in chats to extract knowledge about the group or about the subject being discussed. Mining tools can analyze chat discussions to understand what is being discussed and help people.
For example, a recommender system can analyze textual messages posted in a web chat, identify the subject of the discussion and then look for items stored in a Digital Library to recommend individually to each participant of the discussion. Items can be electronic documents, web pages and bibliographic references stored in a digital library, past discussions and authorities (people with expertise in the subject being discussed). Besides that, mining tools can analyze the whole discussion to map the knowledge exchanged among the chat participants. The benefits of such technology include supporting learning environments, knowledge management efforts within organizations, advertisement and support for decisions.


2016 ◽  
Vol 7 (4) ◽  
pp. 1-18 ◽  
Author(s):  
Hossain Shahriar ◽  
Hisham M. Haddad ◽  
David Lebron ◽  
Rubana Lupu

Massive Open Online Courses (MOOCs) are commonly hosted on web servers for learners worldwide to access education and learning materials at low cost. Many of the well-known MOOCs have adopted open source software and database technologies and frequently operate within cloud environments. It is likely that well-known software security vulnerabilities may manifest in MOOC-based applications. Unfortunately, few studies have identified a set of common vulnerabilities applicable to MOOC-based applications. This paper presents an exploratory study of potential security vulnerabilities and challenges for MOOC platforms, and it provides some guidelines and suggestions to mitigate these concerns. This study helps practitioners (educators and developers) adopt MOOC applications while considering potential vulnerabilities and being prepared to deal with these risks.


2014 ◽  
Vol 5 (4) ◽  
pp. 31-47 ◽  
Author(s):  
Annette Tetmeyer ◽  
Daniel Hein ◽  
Hossein Saiedian

While software security has become an expectation, stakeholders often have difficulty expressing such expectations. Elaborate (and expensive) frameworks to identify, analyze, validate and incorporate security requirements for large software systems (and organizations) have been proposed; however, small organizations working within short development lifecycles and with minimal resources cannot justify such frameworks and often need a light and practical approach to security requirements engineering that can be easily integrated into their existing development processes. This work presents an approach for eliciting, analyzing, prioritizing and developing security requirements which can be integrated into the existing software development lifecycles of small organizations. The approach is based on identifying candidate security goals using part-of-speech (POS) tagging, categorizing security goals based on canonical security definitions, and understanding the stakeholder goals to develop preliminary security requirements and to prioritize them. A case study is used to validate the feasibility and effectiveness of the proposed approach.


Author(s):  
Mohammad Zulkernine ◽  
Sheikh I. Ahamed

The rapid development and expansion of network-based applications have changed the computing world in the last decade. However, this overwhelming success has an Achilles’ heel: most software-controlled systems are prone to attacks both by internal and external users of the highly connected computing systems. These software systems must be engineered with reliable protection mechanisms, while still delivering the expected value of the software to their customers within the budgeted time and cost. The principal obstacle in achieving these two different but interdependent objectives is that current software engineering processes do not provide enough support for the software developers to achieve security goals. In this chapter, we reemphasize the principal objectives of both software engineering and security engineering, and strive to identify the major steps of a software security engineering process that will be useful for building secure software systems. Both software engineering and security engineering are ever-evolving disciplines, and software security engineering is still in its infancy. This chapter proposes a unification of the process models of software engineering and security engineering in order to improve the steps of the software life cycle that would better address the underlying objectives of both engineering processes. This unification will facilitate the incorporation of the advancement of the features of one engineering process into the other. The chapter also provides a brief overview and survey of the current state-of-the-art of software engineering and security engineering with respect to computer systems.

