检索结果-内蒙古大学图书馆

Systematic Mapping Study on Security Approaches in secure software engineering

IEEE ACCESS 2021年 9卷 19139-19160页

作者： Khan, Rafiq Ahmad Khan, Siffat Ullah Khan, Habib Ullah Ilyas, Muhammad Univ Malakand Dept Comp Sci & IT Software Engn Res Grp Chakdara 18800 Pakistan Qatar Univ Dept Accounting & Informat Syst Coll Business & Econ Doha Qatar

In the modern digital era, software systems are extensively adapted and have become an integral component of human society. Such wide use of software systems consists of large and more critical data that inevitably needs to be secured. It is imperative to make sure that these software systems not only satisfy the users' needs or functional requirements, but it is equally important to make sure the security of these software systems. However, recent research shows that many software development methods do not explicitly include software security measures during software development as they move from demand engineering to their final losses. Integrating software security at each stage of the software development life cycle (SDLC) has become an urgent need. Tackling software security, various methods, techniques, and models have been suggested and developed, however, only a few of them provide strong evidence for building secure software applications. The main purpose of this research is to study security measures in the context of the development of secure software (SSD) during the study of systematic mapping (SMS). Based on the inclusion and exclusion criteria, 116 studies were selected. After the data extraction from the selected 116 papers, these were classified based on the quality assessment, software security method, SDLC phases, publication venue, and SWOT analysis. The results indicate that this domain is still immature and sufficient research work needs to be carried out particularly on empirically evaluated solutions.

关键词： software Security Buildings software systems software measurement Systematics software engineering software security secure software development secure software engineering software development life cycle security approaches systematic mapping study

来源：评论

学校读者我要写书评

暂无评论

A framework to support alignment of secure software engineering with legal regulations

引用

software AND SYSTEMS MODELING 2011年第3期10卷 369-394页

作者： Islam, Shareeful Mouratidis, Haralambos Juerjens, Jan Tech Univ Munich Inst Informat Munich Germany Univ E London Sch Comp IT & Engn London E15 4LZ England TU Dortmund Dept Comp Sci Dortmund Germany

Regulation compliance is getting more and more important for software systems that process and manage sensitive information. Therefore, identifying and analysing relevant legal regulations and aligning them with security requirements become necessary for the effective development of secure software systems. Nevertheless, secure software engineering Modelling Languages (SSEML) use different concepts and terminology from those used in the legal domain for the description of legal regulations. This situation, together with the lack of appropriate background and knowledge of laws and regulations, introduces a challenge for software developers. In particular, it makes difficult to perform (i) the elicitation of appropriate security requirements from the relevant laws and regulations;and (ii) the correct tracing of the security requirements throughout the development stages. This paper presents a framework to support the consideration of laws and regulations during the development of secure software systems. In particular, the framework enables software developers (i) to correctly elicit security requirements from the appropriate laws and regulations;and (ii) to trace these requirements throughout the development stages in order to ensure that the design indeed supports the required laws and regulations. Our framework is based on existing work from the area of secure software engineering, and it complements this work with a novel and structured process and a well-defined method. A practical case study is employed to demonstrate the applicability of our work.

关键词： secure software engineering Non-functional properties Security requirements secure Tropos UMLsec Modelling regulations Legal constraints

来源：评论

学校读者我要写书评

暂无评论

Applying software Assurance and Cybersecurity NICE Job Tasks through secure software engineering Labs

Applying Software Assurance and Cybersecurity NICE Job Tasks...

引用

International Conference on ENTERprise Information Systems (CENTERIS) / International Conference on Project MANagement (ProjMAN) / International Conference on Health and Social Care Information Systems and Technologies (HCist)

作者： Dawson, Maurice Taveras, Pedro Taylor, Danielle IIT 10 West 35th St Chicago IL 60616 USA Pontificia Univ Catolica Madre & Maestra Abraham Lincoln Esq Simon Bolivar Santo Domingo 10108 Dominican Rep Univ Missouri 1 Univ Blvd St Louis MO 63131 USA

To meet growing demands in the United States market for cybersecurity professionals, the National Security Agency and Department of Homeland Security have jointly established the National Center for Academic Excellence. Until recently, cybersecurity efforts were focused on securing the network. However, numerous studies have revealed that significant vulnerabilities have been found within the software code. To teach programmers and software engineers having secure software engineering labs is critical. Experiential learning is the cornerstone of cybersecurity education. Laboratory exercises provide critical value to students. Real-world, malicious actors use varying tactics and techniques for cyber-attacks. Laboratory environments should mirror this dynamism, and students should be exposed to various tools and mitigation strategies. (C) 2019 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://***/licenses/by-nc-nd/4.0/) Peer-review under responsibility of the scientific committee of the CENTERIS -International Conference on ENTERprise Information Systems / ProjMAN - International Conference on Project MANagement / HCist - International Conference on Health and Social Care Information Systems and Technologies.

关键词： secure software Development secure software engineering software Assurance Cybersecurity Cyberdefense

来源：评论

学校读者我要写书评

暂无评论

Work in Progress: Towards an Academic secure software engineering Curriculum for Engineers 11

Work in Progress: Towards an Academic Secure Software Engine...

引用

IEEE Global engineering Education Conference (IEEE EDUCON)

作者： Jahn, Sabrina Mottok, Juergen Ostbayerisehe Tech Hsch Regensburg Regensburg Germany

ISBN: (纸本)9781728109305

In the age of the Internet of Things, it is becoming increasingly important to integrate knowledge about the development of secure systems (secure software engineering) into academic teaching. However, teaching IT Security and secure software engineering to non-computer scientists is rare. Therefore, we focus our research on the integration of IT Security into software engineering education of non-computer scientists, particularly electrical engineers, by means of inductive teaching- and learning-arrangements. After collecting students' preconceptions of IT Security and secure software engineering in prior work, this paper now contributes with a first mapping of these preconceptions with corresponding learning content as well as suitable inductive teaching methods to be able to create new lecture and exercise units and improve academic learning and teaching in both areas.

关键词： IT Security secure software engineering academic education engineering curriculum

来源：评论

学校读者我要写书评

暂无评论

Exploring Security Procedures in secure software engineering: A Systematic Mapping Study 22

Exploring Security Procedures in Secure Software Engineering...

引用

26th ACM International Conference on Evaluation and Assessment in software engineering, EASE 2022

作者： Khan, Rafiq Ahmad Khan, Siffat Ullah Ilyas, Muhammad Department of Computer Science & IT University of Malakand Pakistan Department of Computer Science Gandhara University Peshawar Pakistan

ISBN: (纸本)9781450396134

Various new technologies have developed as software security solutions have become more critical. One of the essential parts of software quality is the product's security. Though providing examples covering all phases of secure software development is necessary, very few of these situations have been documented. More than a few approaches have been proposed and implemented to handle software security, but only a few of them provide valid evidence for developing secure software applications. This paper presents the results of a Systematic Mapping Study (SMS), which was carried out to determine the existence of software security metrics, tools, standards, and security-related research topics mainly discussed and addressed. A total of 116 studies were chosen for inclusion in this review. Selected studies led us to discover 55 secure software engineering (SSE) metrics, 68 SSE tools, 33 SSE standards, and 12 SSE research topics that have been discussed and addressed. This effort will aid software development firms in better understanding existing security measures employed in creating secure software. It can also serve as a foundation for researchers to build and create new software security solutions and identify new research directions. © 2022 ACM.

关键词： Systematic Mapping Study secure software Development secure software engineering software Security

来源：评论

学校读者我要写书评

暂无评论

secure software engineering teaching modules 06

Secure software engineering teaching modules

引用

Proceedings of the 3rd annual conference on Information security curriculum development

作者： James Walden Charles E. Frank Northern Kentucky University Highland Heights KY

ISBN: (纸本)9781595934376

We are designing a course in secure software engineering that will teach students how to incorporate security throughout the software development lifecycle. The class will serve as a capstone for a new graduate certificate in secure software engineering. This paper describes the class goals, the design for the class, and the materials that we will develop to teach secure software engineering. We are creating ten modules to cover the core topics in software security. Each module will cover one or more class goals and will consist of both explanatory materials and assignments to give students the opportunity to apply their learnings in a small context. The modules will be developed over the Summer and Fall of 2006, and the class will be first offered in Spring 2007. The class will also incorporate a team-based web development project that students will work on throughout the semester to gain experience applying security principles to a large-scale project.

关键词： software security information security education secure software engineering

来源：评论

学校读者我要写书评

暂无评论

Applying software Assurance and Cybersecurity NICE Job Tasks through secure software engineering Labs

引用

Procedia Computer Science 2019年 164卷 301-312页

作者： Maurice Dawson Pedro Taveras Danielle Taylor Illinois Institute of Technology 10 West 35th Street Chicago IL 60616 USA Pontificia Universidad Catolica Madre y Maestra Abraham Lincoln esq. Simón Bolivar Santo Domingo 10108 Dominican Republic University of Missouri - Saint Louis 1 University Blvd St. Louis MO 63131 USA

关键词： secure software Development secure software engineering software Assurance Cybersecurity Cyberdefense

来源：评论

学校读者我要写书评

暂无评论

secure Modules for Undergraduate software engineering Courses 48

Secure Modules for Undergraduate Software Engineering Course...

引用

48th IEEE Frontiers in Education Conference (FIE)

作者： Yang, Jeong Lodgher, Akhtar Lee, Young Texas A&M Univ Comp & Cyber Secur San Antonio TX 78224 USA

ISBN: (纸本)9781538611746

Security affects every software component in different types of computing systems. Many vulnerabilities and attacks on software systems are due to security weaknesses in the software itself. During the process of software specification, development, or testing, security issues are either taken into consideration insufficiently or not at all. Such software, due to internal weaknesses is prone to new attacks. By teaching secure software engineering techniques for designing and developing software modules, students would learn systematic secure software development techniques, such as defect detecting and security testing. This paper presents a series of modules that are designed to be integrated into undergraduate software engineering courses from a security perspective. The goal of the modules is to teach the building of robust software security requirements, secure software design and development, and secure software verification through a secure software development lifecycle.

关键词： secure software engineering secure design secure coding security testing security assessment

来源：评论

学校读者我要写书评

暂无评论

An advanced approach for modeling and detecting software vulnerabilities

引用

INFORMATION AND software TECHNOLOGY 2012年第9期54卷 997-1013页

作者： Shahmehri, Nahid Mammar, Amel de Oca, Edgardo Montes Byers, David Cavalli, Ana Ardi, Shanai Jimenez, Willy Linkoping Univ Dept Comp & Informat Sci SE-58183 Linkoping Sweden Telecom SudParis F-91011 Evry France Montimage F-75013 Paris France

Context: Passive testing is a technique in which traces collected from the execution of a system under test are examined for evidence of flaws in the system. Objective: In this paper we present a method for detecting the presence of security vulnerabilities by detecting evidence of their causes in execution traces. This is a new approach to security vulnerability detection. Method: Our method uses formal models of vulnerability causes, known as security goal models and vulnerability detection conditions (VDCs). The former are used to identify the causes of vulnerabilities and model their dependencies, and the latter to give a formal interpretation that is suitable for vulnerability detection using passive testing techniques. We have implemented modeling tools for security goal models and vulnerability detection conditions, as well as TestInv-Code, a tool that checks execution traces of compiled programs for evidence of VDCs. Results: We present the full definitions of security goal models and vulnerability detection conditions, as well as structured methods for creating both. We describe the design and implementation of TestInv-Code. Finally we show results obtained from running TestInv-Code to detect typical vulnerabilities in several open source projects. By testing versions with known vulnerabilities, we can quantify the effectiveness of the approach. Conclusion: Although the current implementation has some limitations, passive testing for vulnerability detection works well, and using models as the basis for testing ensures that users of the testing tool can easily extend it to handle new vulnerabilities. (c) 2012 Elsevier B.V. All rights reserved.

关键词： software security Security modelling secure software engineering Automatic testing Dynamic analysis

来源：评论

学校读者我要写书评

暂无评论

I'm all ears! Listening to software developers on putting GDPR principles into software development practice

引用

PERSONAL AND UBIQUITOUS COMPUTING 2021年第5期25卷 879-892页

作者： Alhazmi, Abdulrahman Arachchilage, Nalin Asanka Gamagedara La Trobe Univ Sch Engn & Math Sci Melbourne Vic Australia Univ Auckland Sch Comp Sci Auckland New Zealand

Previous research has been carried out to identify the impediments that prevent developers from incorporating privacy protocols into software applications. No research has been carried out to find out why developers are not able to develop systems that preserve privacy while specifically considering the General Data Protection Regulation principles (GDPR principles). Consequently, this paper aims to examine the issues, which prevent developers from creating applications, which consider and include GDPR principles into their software systems. From our research findings, we identified the lack of familiarity with GDPR principles by developers as one of the obstacles that prevent GDPR onboarding. Those who were familiar with the principles did not have the requisite knowledge about the principles including their techniques. Developers focused on functional than on privacy requirements. Unavailability of resourceful online tools and lack of support from institutions and clients were also identified as issues inimical to the onboarding of GDPR principles.

关键词： Usable security Privacy software developers secure software engineering GDPR

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：