A Survey on Requirements and Design Methods for Secure Software Development*
Abstract
State Machine Language (AsmL): AsmL is an executable software specification language based on extended finite state machines, and it has also been used to specify attack scenarios [41]. The authors argue that, because AsmL is based on extended finite state machines, attacks with multiple steps can be specified in it. Such attack scenarios can be automatically translated into Snort rules, which can then be used with an extension of the IDS Snort [41]. By using context information, such attack scenarios are able to capture more attacks with multiple steps. Snort rules, the standard input for Snort, cannot represent attacks with multiple steps.
Similar resources
Mapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing secure software is one of the major phases in developing robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
A Survey on Security Requirements Elicitation and Presentation in Requirements Engineering Phase
Secure software development is the new focus of attention in the current world. Security is the key issue for assuring quality software. Since security is one of the non-functional requirements, it is most often ignored in the requirements phase. But it is possible to reduce software development cost and time to identify user security requirement in the early stage of the softwar...
Software Engineering for Secure Software - State of the Art: A Survey
This report contains a survey of the state of the art in software engineering for secure software. Secure software is defined and techniques used in each phase of the software lifecycle to engineer the development of secure software are described. Also identified are open questions and areas where further research is needed. The survey reported here was undertaken to understand how the practice...
CERIAS Tech Report 2005-67 SOFTWARE ENGINEERING FOR SECURE SOFTWARE - STATE OF THE ART: A SURVEY
This report contains a survey of the state of the art in software engineering for secure software. Secure software is defined and techniques used in each phase of the software lifecycle to engineer the development of secure software are described. Also identified are open questions and areas where further research is needed. The survey reported here was undertaken to understand how the practice...
Application of triangulation approach in requirements engineering process: A study in analysis and design of the pediatrics epilepsy information system
Introduction: Requirements Engineering process is a crucial phase in software development. In order to achieve a successful design of health information systems (HISs), applying the best methodologies is essential. Therefore, the aim of the present study was to design pediatrics Epilepsy Information System (EPIS) as well as the use of triangulation approach in elicitation and validation of epil...
From Early Requirements Analysis towards Secure Workflows
Requirements engineering is a key step in the software development process that has little counterpart in the design of secure business processes and secure workflows for web services. This paper presents a methodology that allows a business process designer to derive the skeleton of the concrete coarse grained secure business process, that can be further refined into workflows, from the early ...