Mapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Authors
Abstract:
Designing secure software is one of the major phases in developing robust software. The McGraw life cycle, one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of software. Developers are able to provide secure and robust software by applying such touch points. In this paper, we introduce a secure and robust approach, named RUPST, that maps the McGraw cycle to the RUP methodology. The traditional form of the RUP methodology is revised based on the proposed activities for software security. RUPST adds activities such as security requirements analysis, abuse case diagrams, risk-based security tests, code review, penetration testing, and security operations to the RUP disciplines. In this regard, based on the RUP disciplines, new touch points of software security are presented as a table. RUPST also adds new roles such as security architect and requirement analyzer, security requirement designer, code reviewer, and penetration tester, which are presented in a table along with the responsibilities of each role. This approach introduces new RUP artifacts for the disciplines and defines new roles in the process of secure software design. The artifacts offered by RUPST include the security requirement management plan, security risk analysis model, secure software architecture document, UMLSec model, secure software deployment model, code review report, security test plan, security test procedures, security test model, security test data, penetration report, security risks management document, secure installation and configuration document, and security audit report. We evaluate the performance of RUPST in a real software design process in comparison to other secure software development approaches for different security aspects. The results demonstrate the efficiency of the proposed methodology in developing secure and robust software.
Journal title
Volume 17, Issue 2
Pages 33-46
Publication date: 2020-09
No keywords have been provided for this article.