secure coding
Recently Published Documents


TOTAL DOCUMENTS: 132 (five years: 40)

H-INDEX: 7 (five years: 2)

2022 ◽  
Vol 31 (1) ◽  
pp. 1-52
Author(s):  
Irum Rauf ◽  
Marian Petre ◽  
Thein Tun ◽  
Tamara Lopez ◽  
Paul Lunn ◽  
...  

Despite the availability of various methods and tools to facilitate secure coding, developers continue to write code that contains common vulnerabilities. It is important to understand why technological advances do not sufficiently facilitate developers in writing secure code. To widen our understanding of developers' behaviour, we considered the complexity of the security decision space of developers using theory from cognitive and social psychology. Our interdisciplinary study reported in this article (1) draws on the psychology literature to provide conceptual underpinnings for three categories of impediments to achieving security goals, (2) reports on an in-depth meta-analysis of existing software security literature that identified a catalogue of factors that influence developers' security decisions, and (3) characterises the landscape of existing security interventions that are available to the developer during coding and identifies gaps. Collectively, these show that different forms of impediments to achieving security goals arise from different contributing factors. Interventions will be more effective where they reflect psychological factors more sensitively and marry technical sophistication, psychological frameworks, and usability. Our analysis suggests “adaptive security interventions” as a solution that responds to the changing security needs of individual developers, and we present a proof-of-concept tool to substantiate our suggestion.


2021 ◽  
Author(s):  
Zhongwei Teng ◽  
Jacob Tate ◽  
William Nock ◽  
Carlos Olea ◽  
Jules White

Checklists have been used to increase safety in aviation and help prevent mistakes in surgeries. However, despite the success of checklists in many domains, checklists have not been universally successful in improving safety. A large volume of checklists is being published online for helping software developers produce more secure code and avoid mistakes that lead to cyber-security vulnerabilities. It is not clear if these secure development checklists are an effective method of teaching developers to avoid cyber-security mistakes and reducing coding errors that introduce vulnerabilities. This paper presents in-process research looking at the secure coding checklists available online, how they map to well-known checklist formats investigated in prior human factors research, and unique pitfalls that some secure development checklists exhibit related to decidability, abstraction, and reuse.


2021 ◽  
Author(s):  
Morteza Shoushtari ◽  
Willie Harrison

This paper considers security in eavesdropping attacks over wireless communication links in aeronautical telemetry systems. Here, we propose a secure coding technique for the integrated Network Enhanced Telemetry (iNET) communications system that can be coupled with modern encryption schemes. We consider a wiretap scenario where there are two telemetry links between a test article (TA) and a legitimate receiver, or ground station (GS). We show how these two links can be used to transmit both encrypted and unencrypted data streams while keeping both streams secure.


2021 ◽  
Vol 4 (1) ◽  
pp. 13-17
Author(s):  
Rahmawati N

The software development process must follow certain stages, known as the Software Development Life Cycle (SDLC). In software development, the aspect that is not yet explicitly visible in the SDLC is security. Security should be present at every stage of the SDLC. Software security can begin with security requirements and continue through secure design, secure coding, and testing. The coding stage is the implementation of the design in the form of code. Programmers must be careful that no security holes are introduced while the software is being developed. Building software that is secure by design requires consideration of how errors are handled, especially in the coding stage. The Java programming language has properties that reduce the likelihood of data-type errors. The language belongs to the object-oriented programming family. Object-oriented programming is a technique for building a program based on objects and the things those objects can do. The Java language provides exception handling features, such as the throw statement and the try-catch-finally block. This language has exception handling, that is, a mechanism for handling errors that may occur in a program.


2021 ◽  
Author(s):  
Fitzroy Nembhard ◽  
Marco M. Carvalho

The area of software development and secure coding can benefit significantly from advancements in virtual assistants. Research has shown that many coders neglect security in favor of meeting deadlines. This shortcoming leaves systems vulnerable to attackers. While a plethora of tools are available for programmers to scan their code for vulnerabilities, finding the right tool can be challenging. It is therefore imperative to adopt measures to get programmers to utilize code analysis tools that will help them produce more secure code. This chapter looks at the limitations of existing approaches to secure coding and proposes a methodology that allows programmers to scan and fix vulnerabilities in program code by communicating with virtual assistants on their smart devices. With the ubiquitous move towards virtual assistants, it is important to design systems that are more reliant on voice than on standard point-and-click and keyboard-driven approaches. Consequently, we propose MyCodeAnalyzer, a Google Assistant app and code analysis framework, which was designed to interactively scan program code for vulnerabilities and flaws using voice commands during development. We describe the proposed methodology, implement a prototype, test it on a vulnerable project and present our results.
