Secure software design in practice

ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings

Volumn , Issue , 2008, Pages 1164-1171

  Meland, Per Håkon ^a   Jensen, Jostein ^a  

^a SINTEF   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

DESIGN PHASE; INTERNATIONAL CONFERENCES; LIFE-CYCLE; PRACTICAL TECHNIQUES; SECURE SOFTWARE; TARGET GROUP;

SOFTWARE DESIGN;

EID: 49049101701     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2008.48     Document Type: Conference Paper

References (40)

1. G. McGraw, "From the Ground Up: The DIMACS Software Security Workshop" in IEEE Security & Privacy, vol. 1, 2003, pp. 59-66.
2. G. McGraw and G. Morrisett, "Attacking Malicious Code: A Report to the Infosec Research Council," IEEE Software, vol. 17, pp. 33-41, 2000.
3. C. A. Sledge and J. Allen, "What Is My Role in Information Survivability? Why Should I Care?," CERT Coordination Center, Software Engineering Institute Carnegie Mellon University 2003.
4. K. Hoo, A. Saudbury, and A. Jaquith, "Tangible ROI through Secure Software Engineering," Secure Business Quarterly, vol. 1, pp. 1-3, 2001.
5. A. Jaquith, "The Security of Applications: Not All Are Created Equal," @Stake February 2002.
6. I. Flechais, C. Mascolo, and M. A. Sasse, "Integrating security and usability into the requirements and design process," International Journal of Electronic Security and Digital Forensics, vol. 1, pp. 12-26, 2007.
7. I. A. Tøndel, M. G. Jaatun, and P. H. Meland, "Security Requirements for the Rest of Us: A Survey," to appear in IEEE Software, January/February 2008.
8. K. M. Goertzel, T. Winograd, H. L. McKinley, P. Holley, and B. A. Hamilton, "Security in the Software Lifecycle," Department of Homeland Security, Version 1.2 August 2006.
9. K. M. Goertzel, T. Winograd, H. L. McKinley, L. Oh, M. Colon, T. McGibbon, E. Fedchak, and R. Vienneau, "Software Security Assurance," Information Assurance Technology Analysis Center and Data (IATAC) and Analysis Center for Software (DACS) July 31 2007.
10. N. Davis, "Secure Software Development Life Cycle Processes," Software Engineering Institute, Carnegie Mellon University, 2005.
11. N. Davis, S. T. Redwine, G. Zibulski, G. McGraw, and W. Humphrey, "Processes for Producing Secure Software: Summary of US National Cybersecurity Summit Subgroup Report," in IEEE Security & Privacy, vol. 2, 2004, pp. 18-25.
12. National Cyber Security Task Force, "Processes to produce Secure Software-Towards more Secure Software," National Cyber Security Partnership March 2004.
13. K. R. Jayaram and A. P. Mathur, "Software Engineering for Secure Software-State of the Art: A Survey," CERIAS and SERC SERC-TR-279, September 19th 2005.
14. R. Villarroel, E. Fernández-Medina, and M. Piattini, "Secure information system development - a survey and comparison," Computers & Security, vol. 24, pp. 308-321, 2005.
15. M. Siponen, Designing secure information systems and software Critical evaluation of the existing approaches and a new paradigm: University of Oulu, 2002.
16. J. Jürjens, Secure Systesm Development with UML: Springer, 2004.
17. T. Lodderstedt, D. A. Basin, and J. Doser, "SecureUML: A UML-Based Modeling Language for Model-Driven Security," presented at the 5th International Conference on the Unified Modeling Langugage, Dresden, Germany, 2002.
18. M. S. Lund, F. d. Braber, K. Stølen, and F. Vraalsen, "A UML profile for the identification and analysis of security risks during structured brainstorming," SINTEF ICT STF40 A03067, May 2004,
19. M. Howard and S. Lipner, The Security Development Lifecycl: Microsoft Press, 2006.
20. A. Apvrille and M. Pourzandi, "Secure Software Development by Example," in IEEE Security & Privacy, vol. 3, 2005, pp. 10-17.
21. N. Davis, "Developing Secure Software," The DoD Software Tech News, vol. 8, pp. 3-7, 2005.
22. J. H. Saltzer and M. D. Schroeder, "The Protection of Information in Computer Systems," Communications of the ACM, vol. 17, 1974.
23. M. Bishop., Computer Security: Art and Science: Addison Wesley Professional, 2003.
24. E. Gamma, R. Helm, R. Johnson, and J. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software: Addison-Wesley Professional, 1995.
25. J. Yoder and J. Barcalow, "Architectural Patterns for Enabling Application Security," presented at Proceedings of the 4th Conference on Patterns Language of Programming (PLoP'97), 1997.
26. D. M. Kienzle, M. C. Elder, D. Tyree, and J. Edwards-Hewitt, "Security Patterns Repository Version 1.0," 2002.
27. S. Romanosky, "Security Design Patterns Part 1 vl. 4," 2001.
28. M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Buschmann, and P. Sommerlad, Security Patterns: Integrating Security and Systems Engineering: Wiley 2006.
29. B. Blakley, C. Heath, and TheOpenGroup, "Security Design Patterns (SDP) technical guide," vol. accessed 1.10.2007, [Online], Ed.: http://www.opengroup.org/security, 2004.
30. M. Kis, "Information Security Antipatterns in Software Requirements Engineering," presented at the 9th Conference on Pattern Language of Programs 2002 (PLoP2 2002), 2002.
31. F. Swiderski and W. Snyder, Threat Modeling: Microsoft Professional, 2004.
32. B. Schneier, "Attack Trees - Modeling security threats," Dr. Dobb's Journal, 2001.
33. G. Sindre and A. L. Opdahl, "Templates for Misuse Case Description," presented at the 7 International Workshop on Requirements Engineering, Foundation for Software Quality (REFSQ'2001), Switzerland, 2001.
34. B. K. Jayaswal and P. C. Pattern, Design for Trustworthy Software: Tools, Techniques, and Methodology of Developing Robust Software: Prentice Hall 2006.
35. J. D. Meier, A. Mackman, M. Dunner, S. Vasireddy, R. Escamilla, and A. Murukan, Improving Web Application Security: Threats and Countermeasures: Microsoft Corporation, 2003.
36. M. Dowd, J. McDonald, and J. Schuh, The Art of Software Security Assessment: Addison-Wesley, 2007.
37. S. Lipner and M. Howard, "The Trustworthy Computing Security Development Lifecycle," 2005.
38. M. Howard and D. LeBlanc, Writing Secure Code 2nd ed. Redmond, Washington: Microsoft Press, 2003.
39. S. Campbell, "The Science of Software Development," in The Code Project, 2004.
40. C. Steel, R. Nagappan, and R. Lai, Core Security Patterns: Best Practices and Strategies for J2EE(TM), Web Services, and Identity Management: Prentice Hall, 2005.