A Review of Approaches to Model Security into Software Systems

Software security has a huge impact on almost all areas ranging from banking systems to critical systems. The rapid expansion of internet and distributed systems has forced developers, designers, engineers and manager to consider software security as an essential activity for their systems. Software security does not depend on the external measures such as firewalls but also on the internal security of software applications. Internal security of software systems is a major concern of current software systems. A number of methodologies have been developed over the time to address the issues of software security. In this paper, a survey of these methodologies has been presented. This paper surveys the methodologies only used for the internal security of software systems. The methodologies used for external security of software systems are not in the scope of this paper. This survey has focussed on four parameters of the methodologies: model driven methodologies, methodologies having automatic tool support, methodologies having no tool support and methodologies based on formal methods. A critical analysis of the methodologies is also presented. Future research directions are also discussed based on the critical analysis to develop a more secure methodology for software systems.