Secure Software Framework for Process Improvement

International Journal of Computer Science and Engineering
© 2016 by SSRG - IJCSE Journal
Volume 3 Issue 12
Year of Publication : 2016
Authors : Dr.R.Surendiran

How to Cite:

Dr.R.Surendiran, "Secure Software Framework for Process Improvement," SSRG International Journal of Computer Science and Engineering , vol. 3,  no. 12, pp. 19-25, 2016. Crossref, https://doi.org/10.14445/23488387/IJCSE-V3I12P105

Abstract:

Nowadays, Web applications are developing quickly. Software security has become an excessive challenge as the rate of breaches is growing. The main cause of security breaches in software systems is the lack of attention to security throughout the rapid development stages. There are two views in software development, the product view and the process view. The former is concerned with what is to be developed and the latter with how it is to be developed. In this paper we explain how the lack of attention to security in software process improvement leads to security vulnerabilities, and we propose an agile method for secure software design that requires team members to have received suitable security education and training.

Keywords:

Security, secure software life cycle, software systems, architecture, development.
