Activity and artifact views of a secure software development process

Proceedings - 12th IEEE International Conference on Computational Science and Engineering, CSE 2009

Volumn 3, Issue , 2009, Pages 399-404

  Khan, Muhammad Umair Ahmed ^a   Zulkernine, Mohammad ^a  

^a QUEEN S UNIVERSITY   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

DEVELOPMENT ACTIVITY; NEW PROCESS; SECURE SOFTWARE DEVELOPMENT; SOFTWARE DEVELOPMENT PROCESS;

COMPUTER SOFTWARE; SOFTWARE DESIGN;

NETWORK SECURITY;

EID: 70849083494     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSE.2009.383     Document Type: Conference Paper

References (15)

1. J. Juerjens, Secure Systems Development with UML, Springer, 2005.
2. C.E. Landwehr, A.R. Bull, J.P. McDermott, and W.S. Choi, "Taxonomy of Computer Program Security Flaws, " ACM Computing Surveys, 1994, vol. 16, no. 3, pp. 211-254.
3. I.V. Krsul, "Software Vulnerability Analysis, " Doctoral dissertation, Department of Computer Sciences, Purdue University, Indiana, USA, 1998.
4. M.U.A. Khan and M. Zulkernine, "Quantifying Security in Secure Software Development Phases, " In Proc. of the 2nd IEEE International Workshop on Secure Software Engineering (IWSSE'08), Turku, Finland, 2008, IEEE CS Press, pp. 955-960, 2008.
5. A. Jaquith, Security Metrics, Addison Wesley, 2007.
6. D. Verdon and G. McGraw, "Risk Analysis in Software Design, " IEEE Security and Privacy, IEEE CS Press, 2004, vol. 2, no. 4, pp. 79-84.
7. R. Kissel, "Glossary of Key Information Security Terms, " National Institute of Standards and Technology, NISTIR-7298, 2006.
8. G. McGraw, Software Security: Building Security In, Addison Wesley, 2006.
9. S. Lipner, "The Trustworthy Computing Security Development Lifecycle, " In Proc. of the 20th Annual Computer Security Applications Conference (ACSAC '04), CA, USA, 2004, IEEE CS Press, pp. 2-13.
10. OWASP CLASP Project, http://www.owasp.org/index.php/Category:OWASP-CLASP- Project. Visited May 2009.
11. I. Flechais, C. Mascolo, and M.A. Sasse, "Integrating Security and Usability into the Requirements and Design Process, " International Journal of Electronic Security and Digital Forensics, Inderscience Publishers, Geneva, Switzerland, 2007, vol. 1, no. 1, pp. 12-26.
12. A.S. Sodiya, S.A. Onashoga, and O.B. Ajayi, "Towards Building Secure Software Systems, " Issues in Informing Science and Information Technology, Informing Science Institute, California, USA, 2006, vol. 3, pp. 635-646.
13. M. Essafi, L. Labed, and H.B. Ghezala, "S2D-ProM: A Strategy Oriented Process Model for Secure Software Development, " In Proc. of the 2nd International Conference on Software Engineering Advances (ICSEA'07), Cap Esterel, French Riviera, France, 2007, p. 24.
14. M.U.A. Khan and M. Zulkernine, "On Selecting Appropriate Development Processes and Requirement Engineering Methods for Secure Software, " In Proc. of the 4th IEEE International Workshop on Security, Trust, and Privacy for Software Applications (STPSA 2009), Seattle, WA, USA, IEEE CS Press, 2009, to appear.
15. B.W. Boehm and P.N. Papaccio, "Understanding and Controlling Software Costs, " IEEE Transactions on Software Engineering, 1988, vol. 14, no. 10, pp. 1462-1477.