Developing secure software and systems

Lecture Notes in Computer Science, 2011

The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The Second International Conference on Availability, Reliability and Security (ARES'07), 2007

Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and-patch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires structured approach combining a detailed understanding on what causes vulnerabilities, and how to prevent them.

2019

Concepts, Methodologies, Tools, and Applications

This chapter discusses adoption of some proactive strategies in threat management for security of software systems. Security requirements play an important role for secure software systems which arise due to threats to the assets from malicious users. It is therefore imperative to develop realistic and meaningful security requirements. A hybrid technique has been presented in this chapter evolved by overlapping the strengths of misuse cases and attack trees for elicitation of flawless security requirements. This chapter also discusses an innovative technique using fuzzy logic as a proactive step to break the jinx of brittleness of present day security measures based on binary principle. In this mechanism, partially secure state evolved between safe state and failed state using fuzzy logic provides an alert signal to take appropriate additional preventive measures to save the system from entering into the failed state to the extent possible.

World Journal of Advanced Research and Reviews

Software development security refers to the practice of integrating security measures and considerations throughout the software development lifecycle to ensure the confidentiality, integrity, and availability of software systems. It involves identifying, mitigating, and eliminating security vulnerabilities and threats that could be exploited by attackers. The goal of this paper is to survey the various concepts and methodologies directed towards software security, and the identification of any missing gaps. Based on the findings, it is noted that the development of secure software requires a proactive and comprehensive approach. It begins with establishing secure design principles and incorporating security requirements from the initial stages of development. Here, secure coding practices, such as input validation, output encoding, and secure authentication and authorization mechanisms, are employed to prevent common security vulnerabilities. In addition, regular security testing, ...

Proceedings of the 2006 international workshop on Software engineering for secure systems - SESS '06, 2006

Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-andpatch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires structured approach combining a detailed understanding on what causes vulnerabilities, and how specific activities combine to prevent them.

International Journal of Computer Applications, 2013

Information Systems Security is one of the most critical challenges presently facing nearly every one of the organizations. However, making certain security and quality in both information and the systems which control information is a difficult goal necessitating the mixture of two wide research disciplines which are typically separate: security engineering and secure software engineering. Security engineering has an extensive history, and has focused generally on providing advances in security models, techniques and protocols, but it remains in a steady state of the development. Secure software engineering, however, has emerged relatively recently, but is growing quickly and is paying attention on the integration of security into software engineering techniques; models and processes, in order to build up more secure information systems. In the study of security engineering, security described as the protection from harm.It presented the principles of security, the number of security mechanisms and the risk analysis to identify the risk. In the study of secure software engineering, it has been identified a number of challenges that need to establish for developing the secure software system. We also investigated a number of methods and languages that is modeling the security into software systems.

2005

A general approach to security architecture is introduced. A survey of existing attempts to develop the security architecture introduces the topic. Security can be highlighted as part of the system development life cycle. The authors assume that security cannot be achieved by concentrating on one system component but can be achieved by identifying the relationship between these components and how information is used among them. An original sphere of use and interaction is presented upon which security measures can be evaluated and the required security controls can be chosen.

Proceedings of the 2006 international workshop on Software engineering for secure systems - SESS '06, 2006

Proceedings of the 10th Wseas International Conference on Computers, 2006

Software tend to be omnipresent in all modern systems. It often manipulates critical resources which interests pirates and need to be secured. Given the fact that most common software attacks can't be stopped or detected using conventional security mechanisms, malicious intruders try hack into systems by exploiting a software vulnerability. Vulnerabilities result from the use of traditional development processes-not focusing on security concerns-and the lack of necessary knowledge and guidance on how to produce secure software. They include implementation bugs such as buffer overflows and design flaws such as inconsistent error handling. Several efforts are undertaken, to improve secure software engineering, however, developers still miss or misuse acquired knowledge due to domain immaturity, newness of the field, process complexity and absence of environments supporting such development. This paper presents our approach addressing software application security issues through its development process using a strategy oriented process model. The main feature of the proposed process model is that it provides a two level guidance: 1) a strategic guidance helping the developer to choose one among a compilations of the existing methods, standards and best practices and 2) a tactic guidance helping the developer to achieve his selection. This process model is easily extensible and allows building customized processes adapted to the context, the developer's finalities and the product state.