检索结果-内蒙古大学图书馆

Systematic Mapping Study on Security Approaches in secure software engineering

IEEE ACCESS 2021年 9卷 19139-19160页

作者： Khan, Rafiq Ahmad Khan, Siffat Ullah Khan, Habib Ullah Ilyas, Muhammad Univ Malakand Dept Comp Sci & IT Software Engn Res Grp Chakdara 18800 Pakistan Qatar Univ Dept Accounting & Informat Syst Coll Business & Econ Doha Qatar

In the modern digital era, software systems are extensively adapted and have become an integral component of human society. Such wide use of software systems consists of large and more critical data that inevitably needs to be secured. It is imperative to make sure that these software systems not only satisfy the users' needs or functional requirements, but it is equally important to make sure the security of these software systems. However, recent research shows that many software development methods do not explicitly include software security measures during software development as they move from demand engineering to their final losses. Integrating software security at each stage of the software development life cycle (SDLC) has become an urgent need. Tackling software security, various methods, techniques, and models have been suggested and developed, however, only a few of them provide strong evidence for building secure software applications. The main purpose of this research is to study security measures in the context of the development of secure software (SSD) during the study of systematic mapping (SMS). Based on the inclusion and exclusion criteria, 116 studies were selected. After the data extraction from the selected 116 papers, these were classified based on the quality assessment, software security method, SDLC phases, publication venue, and SWOT analysis. The results indicate that this domain is still immature and sufficient research work needs to be carried out particularly on empirically evaluated solutions.

关键词： software Security Buildings software systems software measurement Systematics software engineering software security secure software development secure software engineering software development life cycle security approaches systematic mapping study

来源：评论

学校读者我要写书评

暂无评论

Exploring Security Procedures in secure software engineering: A Systematic Mapping Study 22

Exploring Security Procedures in Secure Software Engineering...

引用

26th ACM International Conference on Evaluation and Assessment in software engineering, EASE 2022

作者： Khan, Rafiq Ahmad Khan, Siffat Ullah Ilyas, Muhammad Department of Computer Science & IT University of Malakand Pakistan Department of Computer Science Gandhara University Peshawar Pakistan

ISBN: (纸本)9781450396134

Various new technologies have developed as software security solutions have become more critical. One of the essential parts of software quality is the product's security. Though providing examples covering all phases of secure software development is necessary, very few of these situations have been documented. More than a few approaches have been proposed and implemented to handle software security, but only a few of them provide valid evidence for developing secure software applications. This paper presents the results of a Systematic Mapping Study (SMS), which was carried out to determine the existence of software security metrics, tools, standards, and security-related research topics mainly discussed and addressed. A total of 116 studies were chosen for inclusion in this review. Selected studies led us to discover 55 secure software engineering (SSE) metrics, 68 SSE tools, 33 SSE standards, and 12 SSE research topics that have been discussed and addressed. This effort will aid software development firms in better understanding existing security measures employed in creating secure software. It can also serve as a foundation for researchers to build and create new software security solutions and identify new research directions. © 2022 ACM.

关键词： Systematic Mapping Study secure software Development secure software engineering software Security

来源：评论

学校读者我要写书评

暂无评论

Work in Progress: Towards an Academic secure software engineering Curriculum for Engineers 11

Work in Progress: Towards an Academic Secure Software Engine...

引用

IEEE Global engineering Education Conference (IEEE EDUCON)

作者： Jahn, Sabrina Mottok, Juergen Ostbayerisehe Tech Hsch Regensburg Regensburg Germany

ISBN: (纸本)9781728109305

In the age of the Internet of Things, it is becoming increasingly important to integrate knowledge about the development of secure systems (secure software engineering) into academic teaching. However, teaching IT Security and secure software engineering to non-computer scientists is rare. Therefore, we focus our research on the integration of IT Security into software engineering education of non-computer scientists, particularly electrical engineers, by means of inductive teaching- and learning-arrangements. After collecting students' preconceptions of IT Security and secure software engineering in prior work, this paper now contributes with a first mapping of these preconceptions with corresponding learning content as well as suitable inductive teaching methods to be able to create new lecture and exercise units and improve academic learning and teaching in both areas.

关键词： IT Security secure software engineering academic education engineering curriculum

来源：评论

学校读者我要写书评

暂无评论

Applying software Assurance and Cybersecurity NICE Job Tasks through secure software engineering Labs

Applying Software Assurance and Cybersecurity NICE Job Tasks...

引用

International Conference on ENTERprise Information Systems (CENTERIS) / International Conference on Project MANagement (ProjMAN) / International Conference on Health and Social Care Information Systems and Technologies (HCist)

作者： Dawson, Maurice Taveras, Pedro Taylor, Danielle IIT 10 West 35th St Chicago IL 60616 USA Pontificia Univ Catolica Madre & Maestra Abraham Lincoln Esq Simon Bolivar Santo Domingo 10108 Dominican Rep Univ Missouri 1 Univ Blvd St Louis MO 63131 USA

To meet growing demands in the United States market for cybersecurity professionals, the National Security Agency and Department of Homeland Security have jointly established the National Center for Academic Excellence. Until recently, cybersecurity efforts were focused on securing the network. However, numerous studies have revealed that significant vulnerabilities have been found within the software code. To teach programmers and software engineers having secure software engineering labs is critical. Experiential learning is the cornerstone of cybersecurity education. Laboratory exercises provide critical value to students. Real-world, malicious actors use varying tactics and techniques for cyber-attacks. Laboratory environments should mirror this dynamism, and students should be exposed to various tools and mitigation strategies. (C) 2019 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://***/licenses/by-nc-nd/4.0/) Peer-review under responsibility of the scientific committee of the CENTERIS -International Conference on ENTERprise Information Systems / ProjMAN - International Conference on Project MANagement / HCist - International Conference on Health and Social Care Information Systems and Technologies.

关键词： secure software Development secure software engineering software Assurance Cybersecurity Cyberdefense

来源：评论

学校读者我要写书评

暂无评论

Applying software Assurance and Cybersecurity NICE Job Tasks through secure software engineering Labs

引用

Procedia Computer Science 2019年 164卷 301-312页

作者： Maurice Dawson Pedro Taveras Danielle Taylor Illinois Institute of Technology 10 West 35th Street Chicago IL 60616 USA Pontificia Universidad Catolica Madre y Maestra Abraham Lincoln esq. Simón Bolivar Santo Domingo 10108 Dominican Republic University of Missouri - Saint Louis 1 University Blvd St. Louis MO 63131 USA

关键词： secure software Development secure software engineering software Assurance Cybersecurity Cyberdefense

来源：评论

学校读者我要写书评

暂无评论

Exploring How to Apply secure software Design Principles

引用

IEEE ACCESS 2022年 10卷 128983-128993页

作者： Ebad, Shouki A. Northern Border Univ Fac Sci Dept Comp Sci Ar Ar 91431 Saudi Arabia

secure design principles (SDPs) are employed to be a solution against many types of attacks. However, it has been shown that software designers are not familiar with the notion of SDPs or do not understand how to implement them in the design stage. This paper tries to bridge this gap by applying SDPs to a real-world software project, electronic promotion system (ePS), and commenting on the contribution of each SDP. Saltzer and Schroeder's eight principles, along with three additional principles proposed by others, are chosen to be applied to ePS. The results show that most of the SPDs identified here were instrumental and applied in the ePS's design. Most of the eleven SDPs, economy of mechanism, fail-safe defaults, least privilege, least common mechanisms, sound authentication, defense in depth, and input validation were implemented on ePS to a great extent. Others, namely separation of privileges and psychological acceptability, were applied to a limited extent. The remaining two principles, complete mediation and open design, did not play a vital role, as ePS by itself satisfies these two principles. Some contradictions and interrelations among the SDPs when they were applied were also debated. Taking into account the integration of ePS with other enterprise systems in the same organization, it was felt placing SDPs in a general context would be beneficial and sufficient. This work is expected to bridge the gap between software developers and state-of-the-art research on software SDPs.

关键词： software engineering secure software engineering secure design principles software engineering Saltzer and Schroeder's principles

来源：评论

学校读者我要写书评

暂无评论

Security Assurance Model of software Development for Global software Development Vendors

引用

IEEE ACCESS 2022年 10卷 58458-58487页

作者： Khan, Rafiq Ahmad Khan, Siffat Ullah Alzahrani, Musaad Ilyas, Muhammad Univ Malakand Dept Comp Sci & IT Software Engn Res Grp Chakdara 18800 Pakistan Albaha Univ Dept Comp Sci Albaha Saudi Arabia

The number of security attacks and the impact has grown considerably in the recent several years. As a result, new emerging software development models are required that assist in developing software that is secure by default. This article reviews the most widely used security software models. It proposes a new Security Assurance Model (SAM) for software Development that is adaptable to all contemporary scenarios, emphasizing global software development (GSD) vendor companies. The SAM of software Development was developed after studying 11 well-known development models and analyzing results obtained from a systematic literature review (SLR) and questionnaire survey. The SAM of software Development consists of seven security assurance levels: Governance and Security Threat Analysis, secure Requirement Analysis, secure Design, secure Coding, secure Testing and Review, secure Deployment, and Security Improvement. The security assurance levels of SAM of software development consist of 46 critical software security risks (CSSRs) and 388 practices for addressing these risks. The proposed SAM of software Development was assessed based on a tool created by Motorola, which is used to evaluate the present state of a company's software processes and find areas for improvement. We conducted 3 case studies on software development companies, using data from real software projects to examine the results of a practical experiment in each company. The results of the case studies indicate that the proposed SAM of software Development helps measure the security assurance level of an organization. In addition, it can potentially serve as a framework for researchers to develop new software security measures.

关键词： software Security Capability maturity model Companies Systematics software measurement Industries secure software engineering software development life cycle global software development systematic mapping study systematic literature review questionnaire survey case study security risks and practices

来源：评论

学校读者我要写书评

暂无评论

Systematic Literature Review on Security Risks and its Practices in secure software Development

引用

IEEE ACCESS 2022年 10卷 5456-5481页

作者： Khan, Rafiq Ahmad Khan, Siffat Ullah Khan, Habib Ullah Ilyas, Muhammad Univ Malakand Software Engn Res Grp Dept Comp Sci & IT Chakdara 18800 Pakistan Qatar Univ Coll Business & Econ Dept Accounting & Informat Syst Doha Qatar

Security is one of the most critical aspects of software quality. software security refers to the process of creating and developing software that assures the integrity, confidentiality, and availability of its code, data, and services. software development organizations treat security as an afterthought issue, and as a result, they continue to face security threats. Incorporating security at any level of the software Development Life Cycle (SDLC) has become an urgent requirement. Several methodologies, strategies, and models have been proposed and developed to address software security, but only a few of them give reliable evidence for creating secure software applications. software security issues, on the other hand, have not been adequately addressed, and integrating security procedures into the SDLC remains a challenge. The major purpose of this paper is to learn about software security risks and practices so that secure software development methods can be better designed. A systematic literature review (SLR) was performed to classify important studies to achieve this goal. Based on the inclusion, exclusion, and quality assessment criteria, a total of 121 studies were chosen. This study identified 145 security risks and 424 best practices that help software development organizations to manage the security in each phase of the SDLC. To pursue secure SDLC, this study prescribed different security activities, which should be followed in each phase of the SDLC. Successful integration of these activities minimizing effort, time, and budget while delivering secure software applications. The findings of this study assist software development organizations in improving the security level of their software products and also enhancing their security efficiency. This will raise the developer's awareness of secure development practices as well.

关键词： software Security Codes software engineering Testing Systematics Companies software security SDLC security risks and practices secure software development secure software engineering systematic literature review

来源：评论

学校读者我要写书评

暂无评论

Analysis of Supply Chain Attacks in Open-Source software and Mitigation Strategies 5

Analysis of Supply Chain Attacks in Open-Source Software and...

引用

5th IEEE International Conference on Communication, Computing and Industry 6.0, C2I6 2024

作者： Merigala, Joseph Kumar, Vivek Gujjarlapudi, Jashuva Gupta, Manas Kumar, Athmakuri Satish K.L University Computer Science and Engineering Andhra Pradesh India

ISBN: (纸本)9798350379884

Supply Chain Attacks, particularly those exploiting the extensive implementation of open-source software and libraries have continued to compromise the security of enterprise applications. The exploit discovered in the XZ Utils software further pushes the discussion for more effective strategies for the mitigation of such risks. This paper delves into the security incident in detail and provides an in-depth analysis of mitigation strategies in place to prevent such attacks in heavily integrated systems implementing open-source software. The study emphasizes the importance of establishing robust software provenance verification mechanisms. Additionally, it highlights the necessity of collaboration between organizations to share threat intelligence and proactively address vulnerabilities. © 2024 IEEE.

关键词： OpenSSH Remote-Code Execution secure software Best Practices secure software engineering Supply-Chain Attacks

来源：评论

学校读者我要写书评

暂无评论

Detection of Phishing in Mobile Instant Messaging using Natural Language Processing and Machine Learning 11

Detection of Phishing in Mobile Instant Messaging using Natu...

引用

11th International Conference in software engineering Research and Innovation (CONISOFT)

作者： Verma, Suman Ayala-Rivera, Vanessa Portillo-Dominguez, A. Omar Natl Coll Ireland Sch Comp Dublin Ireland Technol Univ Dublin Sch Business Technol Retail & Supply Chain Dublin Ireland

ISBN: (纸本)9798350328837;9798350328844

Advancements in mobile technology makes it easier to communicate in real time, but at the cost of having a wider potential attack area for phishing. While there has been research in the field related to Email and SMS, Instant Messages lags behind. The widespread usage of instant messengers by individuals of all ages further motivates the addition of software security features in this context. This research aims to detect phishing in mobile instant messages by analysing the language of the message with the help of Natural Language Processing to detect keywords pointing towards phishing. We built the machine learning models using 3 different methods for feature extraction and 3 classification algorithms. Our tests showed that balancing the data with random oversampling increased the classifiers' performance, which were able to achieve an accuracy up to 99.2%.

关键词： Instant Messaging Social engineering Phishing Natural Language Processing secure software engineering

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：