Security-Aware Systems Applications and Software Development Methods

Security-Aware Systems Applications and Software Development Methods

Copyright: © 2012 |Pages: 416

ISBN13: 9781466615809|ISBN10: 146661580X|EISBN13: 9781466615816

DOI: 10.4018/978-1-4666-1580-9

Cite Book Cite Book

MLA

Khan, Khaled M., editor. Security-Aware Systems Applications and Software Development Methods. IGI Global, 2012. https://doi.org/10.4018/978-1-4666-1580-9

APA

Khan, K. M. (Ed.). (2012). Security-Aware Systems Applications and Software Development Methods. IGI Global. https://doi.org/10.4018/978-1-4666-1580-9

Chicago

Khan, Khaled M., ed. Security-Aware Systems Applications and Software Development Methods. Hershey, PA: IGI Global, 2012. https://doi.org/10.4018/978-1-4666-1580-9

Export Reference

Favorite Full-Book Download

With the prevalence of cyber crime and cyber warfare, software developers must be vigilant in creating systems which are impervious to cyber attacks. Thus, security issues are an integral part of every phase of software development and an essential component of software design.

Security-Aware Systems Applications and Software Development Methods facilitates the promotion and understanding of the technical as well as managerial issues related to secure software systems and their development practices. This book, targeted toward researchers, software engineers, and field experts, outlines cutting-edge industry solutions in software engineering and security research to help overcome contemporary challenges.

Table of Contents

Reset

Front Materials

Title Page

Copyright Page

Editorial Advisory Board

Preface

Chapters

Secure Software Development Process

Chapter 1

Agile Software Development: The Straight and Narrow Path to Secure Software? (pages 1-15)

Torstein Nicolaysen, Richard Sassoon, Maria B. Line, Martin Gilje Jaatun

In this article, the authors contrast the results of a series of interviews with agile software development organizations with a case study of a distributed agile development effort, focusing on how information security is taken care...

Chapter 2

Assimilating and Optimizing Software Assurance in the SDLC: A Framework and Step-Wise Approach (pages 16-34)

Aderemi O. Adeniji, Seok-Won Lee

Software Assurance is the planned and systematic set of activities that ensures software processes and products conform to requirements while standards and procedures in a manner that builds trusted systems and secure software. While...

Chapter 3

Towards Designing E-Services that Protect Privacy (pages 35-50)

George O. M. Yee

The growth of electronic services (e-services) has resulted in large amounts of personal information in the hands of service organizations like banks, insurance companies, and online retailers. This has led to the realization that...

Security Requirements Analysis and Modeling

Chapter 4

Software Engineering Security Based on Business Process Modeling (pages 52-68)

Joseph Barjis

Security requirements must be tackled early in software design and embedded in corresponding business process models. As a blueprint for software design, business process models complemented with security requirements will prevent...

Chapter 5

Integrating Access Control into UML for Secure Software Modeling and Analysis (pages 69-88)

Thuong Doan, Steven Demurjian, Laurent Michel, Solomon Berhe

Access control models are often an orthogonal activity when designing, implementing, and deploying software applications. Role-based access control (RBAC) which targets privileges based on responsibilities within an application and...

Chapter 6

Benefits and Challenges in the Use of Case Studies for Security Requirements Engineering Methods (pages 89-107)

Nancy R. Mead

The premise of this paper is that pilot case studies in security requirements engineering provide both benefits and challenges to the underlying research, education, and technology transition effort. Over the past four years we have...

Chapter 7

Security Requirements Engineering for Evolving Software Systems: A Survey (pages 108-128)

Armstrong Nhlabatsi, Bashar Nuseibeh, Yijun Yu

Long-lived software systems often undergo evolution over an extended period. Evolution of these systems is inevitable as they need to continue to satisfy changing business needs, new regulations and standards, and introduction of...

Vulnerability Detection

Chapter 8

Monitoring Buffer Overflow Attacks: A Perennial Task (pages 130-151)

Hossain Shahriar, Mohammad Zulkernine

Buffer overflow (BOF) is a well-known, and one of the worst and oldest, vulnerabilities in programs. BOF attacks overwrite data buffers and introduce wide ranges of attacks like execution of arbitrary injected code. Many approaches...

Chapter 9

CONFU: Configuration Fuzzing Testing Framework for Software Vulnerability Detection (pages 152-167)

Huning Dai, Christian Murphy, Gail E. Kaiser

Many software security vulnerabilities only reveal themselves under certain conditions, that is, particular configurations and inputs together with a certain runtime environment. One approach to detecting these vulnerabilities is...

Protection Mechanisms

Chapter 10

Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks (pages 169-189)

San-Tsai Sun, Konstantin Beznosov

This paper presents an approach for retrofitting existing Web applications with run-time protection against known, as well as unseen, SQL injection attacks (SQLIAs) without the involvement of application developers. The precision of...

Chapter 11

Improving Memory Management Security for C and C++ (pages 190-216)

Yves Younan, Wouter Joosen, Frank Piessens, Hans Van den Eynden

Memory managers are an important part of modern language and are used to dynamically allocate memory. Many managers exist; however, two major types can be identified: manual memory allocators and garbage collectors. In the case of...

Chapter 12

Katana: Towards Patching as a Runtime Part of the Compiler-Linker-Loader Toolchain (pages 217-233)

Sergey Bratus, James Oakley, Ashwin Ramaswamy, Sean W. Smith, Michael E. Locasto

The mechanics of hot patching (the process of upgrading a program while it executes) remain understudied, even though it offers capabilities that act as practical benefits for both consumer and mission-critical systems. A reliable...

Chapter 13

A Formal Approach for Securing XML Document (pages 234-246)

Yun Bai

With the ever increasing demand for the Web-based applications over the Internet, the related security issue has become a great concern. Web document security has been studied by many researchers and various security mechanisms have...

Tools for Security-Aware Development

Chapter 14

A Tool Support for Secure Software Integration (pages 248-268)

Khaled M. Khan, Jun Han

This paper presents a tool for the integration of security-aware services based applications that is constructed on the principles of security characterization of individual software services. The tool uses the technique of reasoning...

Chapter 15

Towards Tool-Support for Usable Secure Requirements Engineering with CAIRIS (pages 269-284)

Shamal Faily, Ivan Fléchais

Understanding how to better elicit, specify, and manage requirements for secure and usable software systems is a key challenge in security software engineering, however, there lacks tool-support for specifying and managing the...

Secure Software Education and Training

Chapter 16

Secure Software Education: A Contextual Model-Based Approach (pages 286-312)

J. J. Simpson, M. J. Simpson, B. Endicott-Popovsky, V. Popovsky

This article establishes a context for secure information systems development as well as a set of models used to develop and apply a secure software production pedagogy. A generic system model is presented to support the system...

Chapter 17

Development of a Master of Software Assurance Reference Curriculum (pages 313-327)

Nancy R. Mead, Julia H. Allen, Mark Ardis, Thomas B. Hilburn, Andrew J. Kornecki, Rick Linger, James McDonald

Modern society is deeply and irreversibly dependent on software systems of remarkable scope and complexity in areas that are essential for preserving this way of life. The security and correct functioning of these systems are vital....

Chapter 18

A Rigorous Approach to the Definition of an International Vocational Master’s Degree in Information Security Management (pages 328-343)

Frédéric Girard, Bertrand Meunier, Duan Hua, Eric Dubois

In Luxembourg, like in many other countries, information security has become a central issue for private companies and public organizations. Today, information is the main asset of a company for its business and, at the same time...

Back Materials

Compilation of References

About the Contributors

Index

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.

Username or email: *

Password: *

Forgot individual login password?

Create individual account