Software security engineering: Toward unifying software engineering and security engineering

Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues

Volumn , Issue , 2006, Pages 215-233

  Zulkernine, Mohammad ^a   Ahamed, Sheikh I ^b  

^a QUEEN S UNIVERSITY   (Canada)

^b MARQUETTE UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 33845206869     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.4018/978-1-59140-911-3.ch014     Document Type: Chapter

References (33)

1. Anderson, R. (2001). Security engineering - A guide to building dependable distributed system. New York: John Wiley & Sons.
2. nd International Workshop on Scenarios and State Machines: Models. Algorithms, and Tools, Portland, OR (pp. 8-14).
3. th ACM symposium on Access Control Models and Technologies, Como, Italy (pp. 100-109).
4. Beck, K. (1999). eXtreme programming explained: Embrace change. Reading, MA: Addison Wesley.
5. Boehm, B. W. (1988). A spiral model of software development and enhancement. IEEE Computer, 21(5), 61-72.
6. th Annual Computer Security Applications Conference, Phoenix, AZ (pp. 55-66). IEEE Computer Society.
7. Devanbu, P. T., & Stubblebine, S. (2000, June). Software engineering for security: A roadmap. In A. Finkelstein (Ed.), The Future of Software Engineering. Proceedings of the International Conference on Software Engineering (pp. 227-239). Limerick, Ireland: ACM.
8. th International Symposium on Recent Advances in Intrusion Detection (RAID 2001), Lecture Notes in Computer Science (pp. 69-84). Germany: Springer-Verlag.
9. Finkelstein, A., & Kramer, J. (2000, June). Software engineering: A roadmap. In A. Finkelstein (Ed.), The Future of Software Engineering, Proceedings of the International Conference on Software Engineering (pp. 5-22). Limerick, Ireland: ACM.
10. Flechals, I., Sasse, M. A., & Hailes, S. M. V. (2003, August). Bringing security home: A process for developing secure and usable systems. In Proceedings of the New Security Paradigms Workshop, Ascona, Switzerland (pp. 49-57). ACM.
11. Gilliam, D. P., Wolfe, T. W., & Sherif, J. S. (2003, June). Software security checklist for the software life cycle. In Proceedings of the Twelfth IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE '03) (pp. 243-248). IEEE.
12. Institute of Electrical and Electronics Engineers, Inc. (IEEE). (1999). Software engineering: Customer and terminology standards, Vol. 1. New York: Institute of Electrical and Electronics Engineers, Inc.
13. International Systems Security Engineering Association (ISSEA). (2003). SSE-CMM: Model Description Document, Version 3.0, SSE-CMM - ISO/IEC 21827, International Systems Security Engineering Association. Retrieved November 2005, from http://www.sse-cmm.org/docs/ssecmmv3final.pdf
14. Jacobson, I., Booch, G., & Rumbaugh, J. (1999). The unified software development process. Reading, MA: Addison Wesley.
15. Jürjens, J. (2003). Secure systems development with UML. New York: Springer-Verlag.
16. Kazman, R., Carriere, S. J., & Woods, S. G. (2000). Toward a discipline of scenario-based architectural engineering. Annals of Software Engineering, 9, 5-33.
17. Landwehr, C. E., Bull, A. R., McDermott, J. P., & Choi, W. S. (1994). A taxonomy of computer program security flaws. ACM Computing Surveys, 26(3), 211-254.
18. Laprie, J. (1992). Dependability: Basic concepts and terminology - In English, French, German, and Japanese. Vienna: Springer-Verlag.
19. Lindqvist, U., & Jonsson, E. (1998). A map of security risks associated with using COTS. IEEE Computer, 60-66. Retrieved November 2005, from http://downloads.securityfocus.com/library/cots98.pdf
20. Lodderstedt, T., Basin, D., & Doser, J. (2002, September). SecureUML: A UML-based modeling language for model-driven security. In Proceedings of the Fifth International Conference on the Unified Modeling Language: The Language and Its Applications. Germany: Springer Verlag.
21. McGraw, G. (2002). Managing software security risks. IEEE Computer, 99-101.
22. Oikinomopoulos, S., & Giritzails, S. (2004, September). Integration of security engineering into the rational unified process -An early iteration. In Proceedings of the Workshop on Specification and Automated Processing of Security Requirements - SAPS'04, Linz, Austria (pp. 167-176). Austrian Computer Society.
23. Orso, A., Harrold, M. J., & Rosenblum, D.(2001). Component metadata for software engineering tasks. In Proceedings of the EDO 2000, Lecture Notes in Computer Science, 1999 (pp. 129-144). Springer-Verlag.
24. Pfleeger, C. P., & Pfleeger, S. L. (2003). Security in computing. Upper Saddle River, NJ: Prentice-Hall.
25. Pressman, R. P. (2001). Software engineering: A practitioner's approach. New York: McGraw Hill.
26. de Roever, W. (1997). The need for compositional proof systems: A survey. In Compositionality: The Significant Difference (COMPOS '97), Lecture Notes in Computer Science, 1536 (pp. 1-22). Berlin: Springer-Verlag.
27. Royce, W. W. (1987). Managing the development of large software systems: Concepts and techniques. In WESCON Technical Papers, 1970, (Reprinted), Proceedings of the Ninth International Conference on Software Engineering (pp. 328-338). Monterey, CA: IEEE Computer Society Press.
28. th International Conference on Technology of Object-Oriented Languages and Systems (pp. 174-183). Sydney, Australia: IEEE Computer Society.
29. Thayer, R. H. (2002). Software system engineering: A tutorial. Computer, 35(4), 68-73.
30. Viega, J., & McGraw, G. (2001). Building secure software: How to avoid security problems the right way. Reading, MA: Addison-Wesley.
31. Vigna, G., Eckmann, S. T., & Kemmerer, R. A. (2000, October). Attack languages. In Proceedings of the IEEE Information Survivability Workshop, Boston (pp. 63-166). IEEE.
32. Wolf, A. L. (2004, October). Is security engineering really just good software engineering? Keynote Talk, ACM SIGSOFT '04/FSE-12, Newport Beach, CA.
33. Zhang, Q., & Zulkernine, M. (2004, September). Applying AsmL specification for automatic intrusion detection. In Proceedings of the Workshop on Specification and Automated Processing of Security Requirements - SAPS'04, Linz, Austria (pp. 221-223). Austrian Computer Society.