Software security engineering: Design and applications

Software Security Engineering: Design and Applications

Volumn , Issue , 2012, Pages 1-272

  Ramachandran, Muthu ^a  

^a LEEDS METROPOLITAN UNIVERSITY   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84891973904     PISSN: None     EISSN: None     Source Type: Book    
DOI: None     Document Type: Book

References (266)

1. Allen, J. H. et al. (2010) A look at software security engineering: a guide for project managers, http://www.stsc.hill.af.mil/crosstalk/2010/03/1003 allenellisonmeadbarnummcgraw.html.
2. Allen, J. et al. (2008) Software security engineering: A guide for project managers, Addison Wesley, SEI series, USA.
3. Ashford, W. (2009) http://www.computerweekly.com/Articles/2009/07/14/236875/on-demand-service-aims-to-cut-cost-of-fixing-softwaresecurity. htm.
4. Byers, D. and Shahmehri, N. (2007) Vulnerability cause graphs, Design of a Process for Software Security, Second International Conference on Availability, Reliability and Security (ARES'07).
5. BCS Security (2009) http://www.bcs.org/server.php?show=ConWebDoc. 25668andchangeNav=8265.
6. Cigital Touchpoints (2009) Software security touchpoints http://www. cigital.com/training/touchpoints/.
7. CLASP (2006) Comprehensive lightweight application security process, http://www.owasp.org.
8. Devanbu, P. T. and Stubblebine, S. (2000) Software Engineering for Security: a Roadmap, The future of Software Engineering, Finkelstein, A (ed.), ACM press, as part of 22nd Intl. conference on Software Engineering, Limerick, Ireland.
9. Essafi, M., Labed, L. and Ghezala, H. B. (2007) S2D-ProM: A Strategy Oriented Process Model for Secure Software Development, International Conference on Software Engineering Advances (ICSEA, 2007).
10. Fernandez-Sanz, L. (2003) Software Engineering: State of an Art, The European Journal for the Informatics Professional, http://www.upgradecepis. org/, Vol IV, No. 4, August.
11. Foritfy report (2009) The Silent Battlefield: Government's Alarming Vulnerability to Cyber Attack, white paper, www.fortify.com.
12. Gonzalez-Castillo, Y. O. (2004) Taxonomy of security, (http://www. europeanbiometrics.info/images/resources/66_470_file.pdf.
13. Howard, M. and Lipner, S. (2006) The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software, Microsoft Press.
14. Jurjen, J. (2005) Secure Systems Development with UML (UMLsec), Springer- Verlog, Germany.
15. Logan, C. (2004) Security principles: identity, authentication, authorization, Current ISandT, Issue 2, Vol 20, Nov/Dec, http://web.mit.edu/ist/isnews/v20/n02/200206.html.
16. McGraw, G. (2004) Software Security: Building Security In, IEEE Security and Privacy, March/April.
17. McGraw, G. (2006) Software security: building security in, Addison Wesley, USA.
18. Ramachandran, M. (2008) Software components: guidelines and applications, https://www.novapublishers.com/catalog/product_info.php?products_id=7 577.
19. Sindre, G. and A. L. Opdahl (2005) Eliciting security requirements with misuse cases, Requirements Eng (2005) 10: 34-44.
20. Taylor, R. Medvidovic, N. and Dashofy, E. M. (2010) Software architecture, Wiley.
21. Win, de B et al. (2008) On the Secure Software Development Process: CLASP, SDL and Touchpoints Compared, Elsevier.
22. Allen, J. H., et al. (2008) Software security engineering: a guide for project managers, Addison Wesley, 2008.
23. Belapurkar, A., et al. (2009) Distributed system security: issues, processes and solutions, Wiley.
24. Chen, A. Jia (2004) Security engineering for software (SES), CS996-CISM, isis.poly.edu/courses/cs996-management/Lectures/SES.pdf.
25. CLASP (2006) OWASP CLASP Version 1.2, http://www.lulu.com/items/volume_62/1401000/1401307/3/print/OWASP_CLASP_v1.2_for_print_L ULU.pdf.
26. Graham, D. (2006) Building Security In, https://buildsecurityin.uscert. gov/bsi/articles/best-practices/requirements/548-BSI.html.
27. Ellison, R.J. and Moore, A. P. (2003) Trustworthy Refinement through Intrusion-Aware Design (CMU/SEI-2003-TR-002, ADA414865).
28. Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2003. http://www.sei.cmu.edu/publications/documents/03. reports/03tr002.html.
29. Firesmith, D. (2007) Engineering Safety- and Security-Related Requirements ICCBSS Tutorial, SEI, Carnegie Mellon University, 27 February.
30. Firesmith, D. (2003) Engineering security requirements, Journal of Object Technology, Volume 2, No. 1, 2003.
31. Gamma, E. (1995) Design Patterns, Addison Wesley.
32. Goertzel, K., et al. (2006) Security in the Software Lifecycle: Making Software Development Processes-and Software Produced by Them-More Secure, Draft version 1.2. U.S. Department of Homeland Security, August, http://www.cert.org/books/secureswe/SecuritySL.pdf.
33. Goertzel, K., et al. (2007) Software Security Assurance: A State-of-the-Art Report (SOAR). Herndon, VA: Information Assurance Technology Analysis Center (IATAC) and Defense Technical Information Center (DTIC), 2007. http://iac.dtic.mil/iatac/download/security.pdf.
34. Howard, M. and LeBlanc, D. C. (2002) Writing Secure Code (2nd ed.). Redmond, WA: Microsoft Press.
35. Jacobson, I. (1992) Object-oriented software engineering: use-case-driven approach, Addison Wesley.
36. Kotonya, G. and Sommerville, I. (1998) Requirements Engineering: Processes and Techniques, Wiley.
37. Lamsweerde, van A. (2009) Requirements Engineering: From system goals to UML models to software specifications, Wiley, UK.
38. McGraw, G. (2006) Software security: building security in, Addison Wesley, USA.
39. Mead, N. R. et al. (2008) Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models, SEI Technical Note CMU/SEI-2008-TN-006, http://www.sei.cmu.edu.
40. Romero-Mariona, J., Ziv, H., Richardson, D. J. (2008), Security Requirements Engineering: A Survey, ISR Technical Report # UCI-ISR-08-2, Institute for Software Research, University of California, Irvine.
41. Schneier, B. (1999) Attack Trees: modeling security threats, Dr. Dobbs Journal, December, http://www.schneier.com/paper-attacktrees-ddjft. html.
42. Schneier, B. (2000) Secrets and Lies: Digital Security in a Networked World. New York, NY: John Wiley and Sons.
43. Sommerville, I. and Sawyer, P. (1998) Requirements Engineering: A good practice guide, Wiley.
44. Tondel, I. A et al. (2008) Security requirements for rest of us: a survey, IEEE Software, Special Issue on Security and Agile requirement engineering methods, January/February.
45. Win, D. B. et al. (2009) On the secure software development process: CLASP, SDL and Touchpoints compared, Information and Software Technology 51 (2009) 1152-1171.
46. Dowd, M., McDonald, J. and Schuh, J. (2007) The art of software security assessment: identifying and preventing software vulnerabilities, Addison Wesley.
47. Microsoft (2009a) SDL Threat Modeling Tool 3.1, http://www.microsoft. com/downloads/en/details.aspx?FamilyID=A48CCCB1-814B-47B6- 9D17-1E273F65AE19anddisplaylang=en
48. Goertzel, K. M. et al. (2007) Software Security Assurance, State-of-the-Art Report (SOAR) July 31, 2007, Published by IATAC and DACS.
49. Hoffman, J. L. et al. (2006) Trust Beyond Security: An Expanded Trust Model, Communications Of The Acm July, Vol. 49, No. 7.
50. Kindervag, J. (2010) No More Chewy Centers: Introducing The Zero Trust Model of Information Security, Forrestter Report, September, http://www.packetmotion.com/landing/zero-trust-model/
51. Olzak, T. (2006) A Practical Approach to Threat Modeling, March, http://adventuresinsecurity.com/blog/wp-content/uploads/2006/03/A_ Practical_Approach_to_Threat_Modeling.pdf.
52. Ristic, I. (2011) Threat Modeling for Web Application Deployment, ThinkingStone, http://www.modsecurity.org/documentation/Threat_ Modelling.pdf, accessed on 8th January 2011.
53. Openloop (2011) Trust model, http://www.openloop.com/software Engineering/security/PKI/TrustModel/index.htm, accessed on 10th January.
54. Ashbaugh, D. A. (2006) Assessing Information Security Risks in the Software Development Lifecycle, September, www.stsc.hill.af.mil.
55. TAM (2011) http://www.microsoft.com/downloads/en/confirmation.aspx? familyid=59888078-9daf-4e96-b7d1-944703479451anddisplaylang=en, accessed on 11th January.
56. Meneely, A. et al. (2009) Using Microsoft's Threat Analysis and Modeling Tool, http://agile.csc.ncsu.edu/SEMaterials/tutorials/msthreatmodeling/.
57. Microsoft (2009b) IT infrastructure threat modeling guide http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e1d53e3 f-a512-4668-85b3-169a777fc58fanddisplaylang=en.
58. Mauw, S. and Oostdijk, M. (2005) International Conference on Information Security and Cryptology-ICISC 2005. LNCS 3935, http://www.sti. uniurb.it/events/fosad05/attacktrees.pdf.
59. Barnum, S. and Sethi, A. (2006) Introduction to Attack Patterns, Cigital Inc, https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/attack/585- BSI.html
60. AmI (2008). Ambient Intelligence, http://www.ambientintelligence.org/.
61. Arango, G. (1994). A Brief Introduction to Domain Analysis, Proceedings of the 1994 ACM symposium on Applied computing, April 1994.
62. Ardis, M. (2000). Commonality analysis for defining software product lines, Tutorial, ICSE 2000, Limerick, Ireland.
63. Atkinson et al. (2001). Component-Based Product-Line Engineering with the UML, Addison-Wesley, September 2001.
64. Bass, L. Clements, P. Kazman, R (1998). Software Architecture In Practice Addison Wesley.
65. Boasson, M. (1995). The Artistry of software architecture, Special issue, IEEE Software, November 1995.
66. Chappell, D. (2002). Understanding.NET: A Tutorial and Analysis, Addison Wesley 2002.
67. Cohn, M. (2004). User stories applied for agile software development. Addison-Wesley Press 2004.
68. Coplien, J., Hoffman, D., and Weiss, D. (1998). Commonality and variability in software engineering, IEEE Software, November/December 1998.
69. Gomma, E. (2004). Design Software Product Lines, Addison Wesley 2004.
70. Howe, J. (2007). The Nature of Artificial Intelligence, Artificial Intelligence at Edinburgh University: a Perspective, http://www.inf.ed.ac.uk/about/ AIhistory.html.
71. Jacobson, et al. (1992). Object-Oriented Software Engineering: A use-casedriven approach, Addison Wesley, 1992.
72. Jazayeri, M., Ran, A., van der Linden, F. (2000). Software architecture for product families, Addison Wesley 2000.
73. Kruchten, P. (1995). The 4+1 view model of software architecture, Special issue, IEEE Software, November 1995.
74. Kuusela, J., and Savolainen, J. (2000). Requirements Engineering for Product Families, ICSE 2000, Limerick, Ireland.
75. Mannion, M., and Kaindl, M. (2001). Requirements-Based Product Line Engineering, ESEC/FSE 2001, Vienna, Austria.
76. Mohan, K., and Ramesh, B. (2007). Tracing variations in software product families, CACM, December, Vol. 50 No. 12.
77. Mellado, D. et al. (2010). Security requirements engineering framework for software product lines, Information and Software Technology 52 (2010) 1094-1117.
78. O'Brien, Liam and Smith, Dennis (2002). MAP and OAR Methods: Techniques for Developing Core Assets for Software Product Lines from Existing Assets, CMU/SEI, April 2002.
79. Poulin, S. J. (1997). Measuring software reuse, Addison Wesley, 1997.
80. Prieto-Diaz (1998). Domain Analysis, ACM SIGSOFT Software Engineering Notes, May 1998.
81. Ramachandran, M. (2005). Commonality and Variability Analysis in Industrial Practice for Product-line Improvement, Special issue, Journal of Software Process Improvement and Practice, Vol.10, Wiley.
82. Ramachandran, M. (2005). Reuse guidelines, ACM SIGSOFT Software Engineering Notes, Vol. 30; Issue 3, May 2005.
83. Ramachandran, M. (2008). Software Components: Guidelines and Applications, Nova Science Publishers, New York, USA. ISBN: 978-1- 60456-870-7, October/November 2008, https://www.novapublishers.com/catalog/product_info.php?products_id=7577 Pages 410.
84. Ramachandran, M. and Mangano, D. (2003). Knowledge-based Reasoning for Software Architectural Design Strategies, SE Notes, March 2003.
85. Ramachandran, M. and Sommerville, I. (1995). A framework for analyzing reuse knowledge, 7the Intl. conf. on Software Eng and Knowledge Eng (SEKE'95), Washington DC, 22-24 June, 1995, USA.
86. Ramachandran, M. and Ganeshan, S. (2009). Chapter 20 Commonality Analysis: Implications over a Successful Product Line, Edited by Ramachandran, M and de Carvalho, Rogério Atem (Editors) (2008) Handbook of Software Engineering and Productivity Technologies: Implications for Globalisation, IGI Publishers, USA, November 2009.
87. Ramachandran, M. and Ganeshan, S. (2009). Chapter 21 Rapid Productivity and Quality: Software Product Lines and Trends of the Future, Edited by Ramachandran, M and de Carvalho, Rogério Atem (Editors) (2008) Handbook of Software Engineering and Productivity Technologies: Implications for Globalisation, IGI Publishers, USA, November 2009.
88. Rech, J. and Althoff, K-D. (2008). Artificial Intelligence and Software Engineering: Status and Future Trends www.iis.uni-hildesheim.de/files/staff/althoff/Publications/KI_AI-SE-Survey.pdf.
89. Ritch, C. and Waters, R. C. (1988). The programmers' apprentice project: research overview, IEEE Computer, November 1988.
90. Riva, G. et al. (editors) (2005). Ambient Intelligence, IOS Press, http://www. ambientintelligence.org/.
91. SEI (2005) Software Product Lines, http://www.sei.cmu.edu/productlines/bibliography.html.
92. Shaw M., Garlan D. (1996). Software Architecture -- Perspectives on an Emerging Discipline. Prentice Hall. Jersey.
93. Somerville (2004). Software Engineering, Seventh Edition. Addison Wesley (2004).
94. Sommerville, I. and Kotenya, G. (1998). Requirements Engineering: Processes and Techniques, Wiley, 1998.
95. Sommerville, I., and Sawyer, P. Requirements Engineering: A Good Practice Guide, Wiley, 1997.
96. Weiss, M. D., Lai, R. T. C. (1999). Software Product-Line Engineering: A Family-based Software Development Process, 1999.
97. Weiss, M.D. (1998). Commonality Analysis: A Systematic Process for Defining Families. Second International Workshop on Development and Evolution of Software Architectures for Product Families, February 1998.
98. Goertzel, K. M. et al. (2007) Software Security Assurance, State-of-the-Art Report (SOAR) July 31, 2007, Published by IATAC and DACS.
99. Galin, D. (2004) Software quality assurance, Pearson.
100. Ankrum, T. S. and Kromholz, A. H. (2005) Structured Assurance Cases: Three Common Standards, Proceedings of the Ninth IEEE International Symposium on High-Assurance Systems Engineering (HASE'05).
101. Redwine, S. T. (2005) Creating a Software Assurance Body of Knowledge, www.stsc.hill.af.mil, October.
102. Jackson, D. and Cooper, D. (2006) Where Do Software Security Assurance Tools Add Value? NIST Proceedings of Workshop on Software Security Assurance Tools, Techniques, and Metrics (SSATTM'05), February. As part of the ASE 2005 conference, Long Beach, California, USA, http://hissa.nist.gov/~black/Papers/NIST%20SP%20500-265.pdf.
103. Chess, B. (2006) Metrics That Matter: Quantifying Software Security Risk, NIST Proceedings of Workshop on Software Security Assurance Tools, Techniques, and Metrics (SSATTM'05), February. As part of the ASE 2005 conference, Long Beach, California, USA, http://hissa. nist.gov/~black/Papers/NIST%20SP%20500-265.pdf.
104. Crasstalk (2009) Resilient software, CrossTalk, The Journal of Defense Software Engineering, 22:6, Sept/Oct.
105. White, D. (2007) CERT Resiliency Engineering Framework, SEI, CMU report.
106. Hadnagy, C. (2011) Social Engineering, The art of human hacking, Wiley.
107. Agudo, I. et al. (2009) Security Assurance during the Software Development Cycle, International Conference on Computer Systems and Technologies - CompSysTech'09.
108. Mitnick, K. and Simon, W. L. (2003) The Art of Deception: Controlling the Human Element of Security, Wiley. http://www.social-engineer.org/seresources/.
109. Jaquith, A. (2007) Security Metrics: replacing fear, uncertainty, and doubt, Addison Wesley, 2007.
110. Sommerville, I. (2011) Software Engineering, 9th Edition, Pearson.
111. Pressman, R. (2009) Software Engineering: Practitioner's Approach, 7th edition, McGraw Hill.
112. Michael, C. and Lavenhar, S. R. (2005) Source Code Analysis Tools - Overview, https://buildsecurityin.us-cert.gov/bsi/articles/tools/code/263- BSI.html.
113. SAMATE (2005) SAMATE project at NIST-Software Assurance Metrics And Tool Evaluation, Source Code Security Analyzers, http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html.
114. Kvedar, D. et al. (2010) The use of formal social engineering techniques to identify weaknesses during a computer vulnerability competition, CCSC: Rocky Mountain Conference 2010.
115. Bishop, M. (2003) computer security: art and science, Addison-Wesley.
116. Gasser, M. (1988) Building a secure computer system, van Nostrand Reinhold New York Co.
117. Saltzer, J. H., and Schoeder, M. D. (1975) The protection of information in computer systems, Proceedings of the IEEE 63 (9): 1278-308.
118. ATAM (2011) The architecture tradeoff analysis method (ATAM), SEI www.sei.cmu.edu/architecture/ata_method.html.
119. Spencer, J. (2000) Architecture description markup language (ADML) creating open market for IT architecture tools, The open group, white paper.
120. Babar, A. M. and Gorton, I. (2009) Software architecture review: the state of practice, IEEE Computer, Vol 42 No 7, July.
121. Taylor, R., Medividovic, N., Dashofy, E. M. (2010) Software Architecture: Foundations, theory, and practice, Wiley, USA.
122. Booch, G. (2006) Goodness of fit on software architecture, IEEE Software, Nov/Dec.
123. Allen, J. H. et al. (2008) Software security engineering: a guide for project managers, Addison Wesley, 2008.
124. Sommerville, I. (2011) Software Engineering, 9th Edition, Pearson.
125. Pressman, R. (2009) Software Engineering: Practitioner's Approach, 7th edition, McGraw Hill.
126. Umair, M., Kan, A., and Zulkernine, M. (2009) Activity and Artifact Views of a Secure Software Development Process, International Conference on Computational Science and Engineering.
127. Ramachandran, M. (2008) Software Components: Guidelines and Applications, Nova Scientific Publishers, NY, USA.
128. Pourzandi, M. et al. (2007) Clusters and Security: Distributed Security for Distributed Systems, Open Systems Laboratory-Ericsson Research, National Center for Supercomputing Applications (NCSA) Presentation Slides.
129. Oppliger, R. (2002) Internet and intranet security, Artech House, Inc.
130. Chirillo, J. (2001) Hack attacks denied-a complete guide to network lockdown, John Wiley and Sons, Inc.
131. Stallings, W. (2003) Network security essentials-applications and standards, 2nd edition, Pearson Education, Inc.
132. Dick, K. (2008) Web services: mostly secured already, Slide presentation http://www.webservicessummit.com/SDSIC/KSDSDSICSlides_files/frame.ht m.
133. Lin, Y-D. et al. (2006) Designing an integrated architecture for network content security gateways, IEEE Computer, Special Issue on Grid Computing and Web Services, November 2006.
134. Tondel, I. A. et al. (2008) Security requirements for rest of us: a survey, IEEE Software, Special Issue on Security and Agile requirement engineering methods, January/February.
135. McGraw, G. (2004) Software Security: Building Security In, IEEE Security and Privacy, March/April.
136. Sindre, G. and A. L. Opdahl (2005) Eliciting security requirements with misuse cases, Requirements Eng (2005) 10: 34-44.
137. Allen, J. et al. (2008) Software security engineering: A guide for project managers, Addison Wesley, SEI series, USA.
138. McGraw, G. (2006) Software security: building security in, Addison Wesley, USA.
139. Hatebur, D. Heisel, M. Schmidt, H. (2008) Analysis and Component-based Realization of Security Requirements, The Third International Conference on Availability, Reliability and Security, IEEE CS Press.
140. Cheesman, J. and Daniels, J. (2000) UML Components, Addison Wesley.
141. D'Souza and Wills (1999) Objects, components and frameworks with UML, Addison Wesley.
142. Heineman, G. T. and Councill, W. T. (2001) Component-Based Software Engineering, Addison Wesley.
143. IEEE SW (1998) Special issue on Software components, IEEE Software, September 1998.
144. Morisio, M. (2006) (ed.). Reuse of off-the-shelf components: 9th international conference on software reuse, ICSR 2006, Turin, Italy, June 12-15, 2006, Springer Verlog Lecture Notes.
145. Pressman (2005) SE, 6th Edition, McGraw Hill.
146. Sommerville, I. (2005) Software Engineering, 7th Edition, Addison Wesley.
147. Szyperski, C. (1998) Component Software, Addison Wesley.
148. Ramachandran, M. (2008) Software Components: Guidelines and Applications, Nova Scientific Publishers, NY, USA.
149. Parnas, L. (1979) Good program design, 1979, Prentice-Hall.
150. Dijkstra, E. W. (1979) Selected writings on computing: a personal perspective, ACM Classic Books Series, 1982.
151. Sessions, R. (1998) COM and DCOM, Wiley.
152. Sommerville, I. (2005) Software Engineering, 7th Edition, Addison Wesley.
153. Ramachandran, M. and Sommerville (1992) Software reuse assessment, First Intl. workshop on software reuse, Germany.
154. Endres, A. and Rombach, D. (2003) A Handbook of Software and Systems Engineering, Addison Wesley.
155. Hoare, T. (1979) Concurrent programs, Prentice-Hall.
156. Sommerville, I. and Sawyer, P. (1995) Requirements Engineering: Good Practice Guidelines, Wiley.
157. Hatebur, D., Heisel, M., Schmidt, H. (2008) Analysis and Component-based Realization of Security Requirements, The Third International Conference on Availability, Reliability and Security (ARES'08), IEEE CS Press.
158. Jackson, M. (2001) Problem Frames. Analyzing and structuring software development problems. Addison-Wesley.
159. Khan, K., Han, J. and Zheng, Y. (2001) A Framework for an Active Interface to Characterize Compositional Security Contracts of Software Components, Proceedings of the 13th Australian Software Engineering Conference (ASWEC'01).
160. Han, J. (1998) A Comprehensive Interface Definition Framework for Software Components, IEEE Proceedings of the 1998 Asia-Pacific Software Engineering Conference, Taipei, December.
161. Howard, M. and Lipner, S. (2006) The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software, Microsoft Press.
162. McGraw, G. and Felton, E. W. (1999) Securing Java: getting down to business with mobile code, John Wiley and Sons, USA.
163. Dowd, M., McDonald, J., and Schuh, J. (2007) The art of software security assessment: Identifying and preventing software vulnerabilities, Addison Wesley.
164. Ramachandran, M. (2008) Software Components: Guidelines and Applications, Nova Scientific Publishers, NY, USA.
165. ASP.NET (2011) architecture and security design principles http://msdn. microsoft.com/en-us/library/yedba920.aspx, accessed on 12th February
166. Oracle (2010) Web-services Security: What's Required To Secure A Service- Oriented Architecture.
167. Hyde, R. (2000) Software Development Guidelines, http://webster.cs.ucr.edu/ Page_softeng/softDevGuide_contents.html.
168. SecureJava (2011) Secure Coding Guidelines for the Java Programming Language, Version 3.0, http://www.oracle.com/technetwork/java/seccode guide-139067.html, accessed on February 14th.
169. Viega, J. and McGraw, G. (2002) Building Secure Software: How to Avoid Security Problems the Right Way, Boston: Addison-Wesley.
170. Bloch, J. (2008) Effective Java Programming Language Guide, 2nd ed, Addison-Wesley Professional.
171. Wysopal, C. et al. (2007) The art of software security testing, Addison Wesley.
172. Pezze, M. and Young, M. (2008) Software Testing and Analysis-Process, Principles, and Techniques, John Wiley and Sons, USA.
173. Wysopal, C. et al. (2007) The art of software security testing, Addison Wesley.
174. Ellswork, C. and Dunlop, C. (2009) Junit with Jtest, Parasoft tools, http://www.devx.com/Java/Article/15625/0/page/2.
175. Jtest (2011) http://www.parasoft.com/jsp/products/jtest.jsp;jsessionid=aaa5Jg ObObp7fo?redname=java_staticanalysis_unittestingandreferred=java_stati canalysis_unittesting.
176. Jacobson, I. et al. (1997) Software Reuse: Architecture, Process and Organization for Business Success, Addison Wesley.
177. Meyers, S. (2004) The Most Important Design Guideline? IEEE Software, July/August 2004.
178. Bertolino, A., Gnesi, S. (2003) Use Case-based Testing of Product Lines, ACM SIGSOFT Software Engineering Notes, September 2003.
179. Goertzel, K. M. et al. (2007) Software Security Assurance, State-of-the-Art Report (SOAR) July 31, 2007, Published by IATAC and DACS.
180. Beizer, B. (1990) Software Testing Techniques, Van Nost. Reinhold; 2 edition (Jun 1990).
181. Mitre Corporation (2004) Common Vulnerabilities and Exposures (CVE) List. Retrieved. November 22, accessible at http://www.cve.mitre.org/cve/downloads/.
182. Heitmeyer, C. L. et al. (2008) Applying Formal Methods to a Certifiably Secure Software System, IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 34, NO. 1, JANUARY/FEBRUARY.
183. Gilliam, P. D. et al. (2005) Application of Lightweight Formal Methods to Software Security, Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05).
184. He, K. et al. (2008) An Attack Scenario-based Approach for Software Security Testing at Design Stage, International Symposium on Computer Science and Computational Technology, IEEE CS Press.
185. Trocino, D. P. (2004) Developing Secure Applications: Best Practices for Writing Secure Code. Boca Raton, Fla.: Auerbach, ISBN 0849319900.
186. Wheeler, D. A. (2003) Secure programmer: Developing secure programs (August 21, 2003).
187. La, T. (2003) Secure Software Development and Code Analysis Tools. GIAC Certification: Practical Assignment v1.4b, Option 1, SANS Institute.
188. Linden, van der, M. A. (2007) Testing Code Security, Auerbach Publications.
189. Whittaker, A. J. (2008) Penetration Testing, http://msdn.microsoft.com/enus/magazine/cc507646.aspx, MSDN Magazine, May.
190. Pan, W. and Li, W. (2009) A Penetration Testing Method for E-Commerce Authentication System Security, International Conference on Management of e-Commerce and e-Government, Nanchang, China.
191. Dowd, M., McDonald, J., and Schuh, J. (2006) The Art of Software Security Assessment-Identifying and Preventing Software Vulnerabilities, Addison Wesley.
192. Potter, B., Hamilton, B. A., and McGraw, G. (2004) Software security testing, special issue on building security in, IEEE Security and Privacy, September/October.
193. Gilliam, P. D. et al. (2001) Development of a Software Security Assessment Instrument to Reduce Software Security Risk, Proceedings of the 10th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE'01).
194. Halkidis, S. T. (2008) Architectural Risk Analysis of Software Systems Based on Security Patterns, IEEE Transactions On Dependable And Secure Computing, VOL. 5, NO. 3, JULY-SEPTEMBER.
195. Nmap (2011) Network Mapper Tool for scanning network ports for security, http://nmap.org/.
196. AirTight Networks (2005) AirTight Networks. Best Practices for Securing Your Enterprise Wireless Perimeter, pp.01-06.
197. Christopher, L. (2005) APC Legendary Reliability Physical Security of Data Centers and network Rooms. Fundamental Principles of Network Security, pp.4-10.
198. Curtin, M. (1997) Introduction to Network security, http://www.interhack. net/pubs/network-security/.
199. House of Lords (2007) House of Lords Science and Technology Committee, Personal Internet Security, vol.1, August, pp.13-27. http://www. publications.parliament.uk/pa/ld200607/ldselect/ldsctech/165/165i.pdf. http://www.iss.net/documents/whitepapers/ISS_Preemptive_Host_Protection_ Whitepaper.pdf.
200. Joshua, C. (2003) Internet Security Systems. Defining the Rules for Preemptive Host Protection: Internet Security Systems' Multi-Layered Strategy, pp.05-07.
201. Karanjit, S. and Chris, H. (1994) Internet Firewall and Network Security. New Riders Publishing.
202. Kizza, J. M. (2009) A Guide to Computer Network Security, Springer, London.
203. Merritt, M. and David, P. (2002) Wireless Security.
204. Papadimitriou, D. et al. (2009) The Future of Internet (2009) http://www.future-internet.eu/fileadmin/documents/reports/Cross- ETPs_FI_Vision_ Document_v1_0.pdf.
205. Randall, N. K. and L., C., Panos (2002) Wireless security Model Threads Solutions. McGraw-Hill Telecom.
206. Schweitzer, D. (2003) Incident Response: Computer Forensics Toolkit, Wiley, USA.
207. Stallings, W. (1999) SNMP, SNMPv2, SNMPv3, and RMON 1 and 2/William Stallings. Harlow, Addison Wesley.
208. Stallings, W. (2003) Network Security Essentials. 2nded. Pearson Education INC.
209. Pourzandi, M. et al. (2007) Clusters and Security: Distributed Security for Distributed Systems, Open Systems Laboratory-Ericsson Research, National Center for Supercomputing Applications (NCSA) Presentation Slides.
210. Oppliger, R. (2002) Internet and intranet security, Artech House, Inc.
211. Chirillo, J. (2001) Hack attacks denied-a complete guide to network lockdown, John Wiley and Sons, Inc.
212. Stallings, W. (2003) Network security essentials-applications and standards, 2nd edition, Pearson Education, Inc.
213. Dick, K. (2008) Web services: mostly secured already, Slide presentation. http://www.webservicessummit.com/SDSIC/KSDSDSICSlides_files/frame.htm.
214. Lin, Y-D. et al. (2006) Designing an integrated architecture for network content security gateways, IEEE Computer, Special Issue on Grid Computing and Web Services, November 2006.
215. Goertzel, K. M. (2007) The Security of Web Services as Software, CrossTalk, September, http://www.stsc.hill.af.mil/crossTalk/2007/09/0709Goertzel. html.
216. Aoyama, M. et al. (2002) Web-Services Engineering: Promises and Challenges, ICSE'02, May 19-25, Orlando, Florida, USA.
217. Bertolino, A. et al. (2006) Audition of web services for testing conformance to open specified protocols, J. Stafford et al., eds., Architecting systems with trustworthy components, Springer, 2006.
218. Bias, R. (2009), Cloud Expo Article, Cloud Computing: Understanding Infrastructure as a Service, Cloud computing journal, http://cloudcomputing.sys-con.com/node/807481, January.
219. Chesbrough, H., and Spohrer, J. (2006) A research manifesto for services science, Special Issue on Services Science, CACM, July 2006, Vol.49/No. 7.
220. Cobweb (2009) http://www.cobweb.com/.
221. Curbera, F. (2007) Component contracts in service-oriented architectures, Special Issue on Service-oriented Computing, IEEE Computer, V.40, No.11, November 2007.
222. Erl, T. (2005) Service-oriented architecture: concepts, technology, and design, Prentice Hall.
223. Farrell, J., and Ferris, C. (2003), What are web services? Special Issue, CACM, June, V46/N6. For Software Testing, International Journal of Computer Science and Information Security (IJCSIS), Vol. 7, No. 3, 2010.
224. Helbig, J. (2007) Creating business value through flexible IT architecture, Special Issue on Service-oriented Computing, IEEE Computer, V.40, No.11, November 2007.
225. IaaS (2010) Cloud computing world forum, http://www.cloudwf.com/iaas.html.
226. IThound (2010) Video whitepaper http://images.vnunet.com/video_ WP/V4.htm.
227. Lakshminarayanan, S. (2010) Interoperable security service standards for web services, IT pro, IEEE CS Press, December.
228. Nano, O. and Zisman, A. (2007) Realizing service-centric software systems, Special issue on SoC, IEEE Software, November/December 2007.
229. Naone, E. (2007) Computer in the cloud, technology review, http://www.technologyreview.com/Infotech/19397/?a=f.
230. NIST (2009) http://csrc.nist.gov/groups/SNS/cloud-computing/index.html.
231. PaaS (2010) Types of PaaS solutions http://www.salesforce.com/uk/paas/paassolutions/.
232. Papazoglou, P. M. et al. (2007) Service-oriented computing: state-of-the-art and research challenges, Special Issue on Service-oriented Computing, IEEE Computer, V.40, No.11, November 2007.
233. Ramachandran, M. (2008) Software components: guidelines and applications, Nova Publishers, NY.
234. SaaS (2009) SaaS http://www.saas.co.uk/.
235. Science Group (2006), 2020 Science Group: Toward 2020 science, tech.report, Microsoft, 2006; http://research.microsoft.com/towards2020 science/downloads/T2020S_Report.pdf.
236. Serugendo, G., et al. (2004) Self-organization: paradigms and applications, engineering self-organizing systems: Nature-Inspired approaches to software engineering, Springer, 2004.
237. Taiyuan, S. (2009) A Flexible Business Process Customization Framework for SaaS, WASE International Conference on Information Engineering, July, China.
238. Tyagi, S. (2006) RESTful web services, http://www.oracle.com/technetwork/articles/javase/index-137171.html.
239. Venkataraman, T. et al. (2010) A Model of Cloud-based Application Environment.
240. Verizon (2010), http://www.zdnet.co.uk/news/cloud/2010/10/08/the-cloudlessons- from-history-40090471/, October.
241. Vouk, M. A. (2008) Cloud computing-issues, research and implementations, journal of computing and Information technology, CIT 16.
242. Wilson, C., and Josephson, A. (2007) Microsoft Office as a Platform for Software + Services, The Architecture Journal, No.13, www. architecturejournal.net.
243. Wang, L., and Laszewski, V. G (2008) Scientific Cloud Computing: Early Definition and Experience, http://cyberaide.googlecode.com/svn/trunk/papers/08-cloud/vonLaszewski-08-cloud.pdf.
244. Yang, J. (2003) Web-service componentization, CACM, October Vol 46/N 10.
245. Zhang, L-J., and Zhou, Q (2009) CCOA: Cloud Computing Open Architecture, IEEE International Conference on Web Services.
246. Alleman, G. B. (2002) Architecture-Centered ERP Systems in the Manufacturing Domain, Nivot, USA.
247. Amr (2008) www.amrresearch.com.
248. Appuswamy, R. (2000) Implementation issues in ERP, 1st Intl. Conference on Systems Thinking in Management.
249. Brown, A. W. and Wallnau, K. C. (1998) The Current state of CBSE, September/October 1998.
250. Cheesman, J. and Daniels, J. (2000) UML Components, Addison Wesley.
251. Christiansson, B. and Jacobsson, L. Component-Based Software Development Lifecycles, Karlstad University, Institution for Information technology, Sweden, 1999.
252. D'Souza and Wills (1999) Objects, components and frameworks with UML, Addison Wesley.
253. Davenport, T. H. (1998) Putting the enterprise into the enterprise system, Harvard Business Review, pp. 121-131, July-August.
254. Dumbrava, S., Panescu, D. and Costin, M. (2005) A Three-tier Software Architecture for Manufacturing Activity Control in ERP Concept, International Conference on Computer Systems and Technologies- CompSysTech' 2005.
255. Grady, R. and Caswell, D. (1999) Software Metrics: Establishing a Companywide program, Prentice Hall.
256. Holland, C. P. and Light, B. (1999) A Critical success factor model for ERP implementation, IEEE Software, pp. 30-36, May/June.
257. Humphrey, W. (1989) Managing the software process, Addison-Wesley.
258. Kim, B-O., Lockwood, D. (2001) A component-based design approach to ERP design in a distributed object environment, IACIS 01.
259. Kouamou, G. E. (2009) Building a Service-Oriented ERP from an Open Source Software, Fourth International Conference on Software Engineering Advances, IEEE CS Press.
260. Applegate, L.M., McFarlan, F. W. and McKenney, J. L. (1999) Corporate Information Systems Management: Text and Cases, 5th edition, McGraw- Hill.
261. Malm, B. (2001) Component-based ERP systems, Master thesis, Mid Sweden University, Sundsvall.
262. Parthasarathy, S. and Ramachandran, M. (2008) Requirements Engineering Method and Maturity Model for ERP Projects, Intl. J. of Enterprise Information Systems (IJEIS), IGI Publishers, Vol. 4, No. 4, Oct-Dec.
263. Ramachandran, M. (2008) Software components: guidelines and applications, Nova Publishers, NY.
264. Riet, van de, R. et al. (1998) Security moving from Database Systems to ERP systems, Proceedings of Ninth International Workshop on Database and Expert Systems Applications, Vienna.
265. Strong, D. M., Olga Volkoff, "A Roadmap for Enterprise System Implementation," IEEE Computer Society, 2004.
266. Szyperski, C. (1998) Component Software, Addison Wesley