S2D-ProM: A strategy oriented process model for secure software development

2nd International Conference on Software Engineering Advances - ICSEA 2007

Volumn , Issue , 2007, Pages

  Essafi, Mehrez ^a   Labed, Lamia ^a   Ben Ghezala, Henda ^a  

^a UNIVERSITY OF MANOUBA   (Tunisia)

Author keywords

Component secure software development; Strategic process model; Tactical guidance; Trategic guidance

Indexed keywords

PROCESS MONITORING; SOFTWARE DESIGN; SOFTWARE ENGINEERING; STRATEGIC PLANNING;

ALL PHASES; COMPONENT-SECURE SOFTWARE DEVELOPMENT; DO-MAINS; ORIENTED PROCESSES; PROCESS COMPLEXITIES; PROCESS MODELS; PROCESS VIEWS; PRODUCT STATES; SECOND LEVELS; SECURE SOFTWARES; SOFTWARE DEVELOPMENT PROCESSES; SOFTWARE DEVELOPMENTS; STRATEGIC PROCESS MODEL; TACTICAL GUIDANCE; TRATEGIC GUIDANCE;

PLANNING;

EID: 47849113405     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICSEA.2007.59     Document Type: Conference Paper

References (34)

1. "Common Criteria for Information Technology Security Evaluation (ISO 15408) - Part 3: Security assurance requirements - version 2.1D."
2. "Improving Security Across The Software Development Life Cycle," Task Force Report, April 1, 2004.
3. "Information Security Management References," http://reform.house.gov/UploadedFiles/BestPracticesBibliography.pdf
4. "JTC 1/SC 27 - IT Security techniques Standards," http://www.iso.org/
5. A. Jaquith, "The Security of Applications: Not AU Are Created Equal," Research Report, ©Stake, February 2002, pp. 1-12.
6. C. Mann, "Why Software Is so Bad," Technology Review, July/August 2002.
7. C. Rolland, N. Prakash, A. Benjamen, "A Multi-Model View of Process Modelling," Requirements Engineering Journal, 1999.
8. D. Gilliam, J. Powell, E. Haugh, M. Bishop, "Addressing Software Security and Mitigations in the Life Cycle," Proceedings of the 28th Annual NASA Goddard Software Engineering Workshop (SEW'03), IEEE Computer Society, 2003.
9. D. P. Gilliam, T. L. Wolfe, J. S. Sherif, M. Bishop, "Software Security Checklist for the Software Life Cycle," Proceedings of the Twelfth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'03), 2003.
10. G. McGraw, "Misuse and Abuse Cases: Getting Past the Positive," published by The IEEE Computer Society, IEEE Security & Privacy, May/June 2004.
11. G. McGraw, "Software Security: Building Security IN," In IEEE Computer Society, IEEE Security and Privacy, 2004.
12. G., McGraw, "Testing for Security During Development: Why We Should Scrap Penetrate-and-Patch," IEEE Aerospace and Electronic Systems, vol. 13, no. 4, 1998, pp.13-15.
13. H. Abie, D. Aredo, T. Kristoffersen, S. Mazaher, T. Raguin, "Integrating a Security Requirement Language with UML," In the Proc. of the Seventh International Conference on UML Modeling Languages and Applications, LNCS 3273, Lisbon, Portugal, October 2004, pp. 350-364.
14. H. Ben Ghezala, I. Bayoudh, Y. Jamoussi, "Formalization of Navigation Strategies in a Map," 5th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, 2001.
15. H. Chen, D. Wagner, "MOPS: An Infrastructure for Examining Security Properties of Software," CCS'02, ACM, USA, November 2002.
16. Hoglund, G., McGraw, G., "Exploiting Software How to Break Code," Addison Wesley, February 17, 2004.
17. Howard, M., LeBlanc, D., "Writing Secure Code," Microsoft PressMicrosoft Corporation, 2002.
18. J. Pescatore, "Keys to Achieving Secure Software Systems," Gartner Inc., September 22, 2004.
19. J. Viega, G. McGraw, "Building Secure Software: How to avoid Security Problems the Right Way," Addison-Wesley, Boston, 2001.
20. M. Essafi, H. Ben Ghezala, "Secure Software Engineering Processes," 3rd International Conference on Computing, Communications and Control Technologies (CCCT '05), July 24-27, 2005 - Austin, Texas, USA.
21. M. Essafi, L. Labed, H. Ben Ghezala, "Addressing Software Application Security Issues," 10th WSEAS International Conference on COMPUTERS (CSCC'06), July 13-15, 2006 - Vouliagmeni, Athens, Greece.
22. Mark, G., K., Graff, R., van Wyk, "Secure Coding: Principles & Practices," O'Reilly, June 2003.
23. N. Davis, W. Humpphery, T. Samuel, JR. Redwine, G. Zibulski, G. McGraw, "Processes for Producing Secure Software," Published By The IEEE Computer Society, IEEE Security & Privacy, May/June 2004.
24. NIST: National Institute of Standards and Technology. "The Economic Impacts of Inadequate Infrastructure for Software Testing," (Planning Report 02-3), 2002.
25. R. Anderson, "Why Cryptosystems Fail," In Proc. 1st Conf. On Computer and Communications Security, 1993.
26. R. Burke, B. Mobasher, R. Zabicki, R. Bhaumik, "Identifying Attack Models for Secure Recommendation," Workshop: Beyond Personalization, IUI'05, January 9, 2005, San Diego, California, USA.
27. Siemens, "Current Formal Security Models," Information and Communication Security, 2003.
28. T. Ball, "The verified software challenge: A call for a holistic approach to reliability," In Verified Software: Theories, Tools, Experiments, October 2005.
29. Viega, J. "The CLASP Application Security Process. Secure Software", http://www.securesoftware.com, 2005.
30. Weissman, C, "Penetration Testing in Information Security Essays", M. D. Abrams, S. Jajodia and H. Podell, Editors, IEEE Computer Society Press. 1994.
31. Barnum, S., McGraw, G., "Knowledge for software security, Security & Privacy Magazine", IEEE, Volume 3, Issue 2, pages 74-78, ISSN 1540-7993, March-April 2005.
32. Schneider, T., "Secure Software Engineering Processes: Improving the Software Development Life Cycle to Combat Vulnerability", SQP VOL. 9, NO. 1, 2006, http://www.asq.org
33. M. Essafi, H. Ben Ghezala, "Towards a Comprehensive View of Secure Software Engineering," submitted to the First International Workshop on Requirements, Intentions and Goals in Conceptual Modeling (RIGiM), Auckland, New Zealand, 5-7 November 2007, unpublished.
34. G. McGraw, Software Security: Building Security In, Addison-Wesley, ISBN: 978-0-321-35670-3, 410 pages, 22/02/2006.