SETER

The quality of software systems depends strongly on their architecture. For this reason, taking into account non-functional requirements at architecture level is crucial for the success of the software development process. Early architecture model validation facilitates the detection and correction of design errors. In this research, the authors are interested in security critical systems, which require a reliable validation process. So far, they are missing security-testing approaches providing an appropriate compromise between software quality and development cost while satisfying certification and audit procedures requirements through automated and documented validation activities. In this chapter, the authors propose a novel test-driven and architecture model-based security engineering approach for resilient systems. It consists of a test-driven security modeling framework and a test based validation approach. The assessment of the security requirement satisfaction is based on the test traces analysis. Throughout this study, the authors illustrate the approach using a client server architecture case study.

Download Full-text

Towards Test-Driven and Architecture Model-Based Security and Resilience Engineering

Software Design and Development ◽

10.4018/978-1-4666-4301-7.ch096 ◽

2014 ◽

pp. 2072-2098

Author(s):

Ayda Saidane ◽

Nicolas Guelfi

Keyword(s):

Software Systems ◽

Critical Systems ◽

Functional Requirements ◽

Security Testing ◽

Modeling Framework ◽

Architecture Model ◽

Model Based ◽

Security Modeling

The quality of software systems depends strongly on their architecture. For this reason, taking into account non-functional requirements at architecture level is crucial for the success of the software development process. Early architecture model validation facilitates the detection and correction of design errors. In this research, the authors are interested in security critical systems, which require a reliable validation process. So far, they are missing security-testing approaches providing an appropriate compromise between software quality and development cost while satisfying certification and audit procedures requirements through automated and documented validation activities. In this chapter, the authors propose a novel test-driven and architecture model-based security engineering approach for resilient systems. It consists of a test-driven security modeling framework and a test based validation approach. The assessment of the security requirement satisfaction is based on the test traces analysis. Throughout this study, the authors illustrate the approach using a client server architecture case study.

Download Full-text

Innovative Strategies for Secure Software Development

Software Design and Development ◽

10.4018/978-1-4666-4301-7.ch097 ◽

2014 ◽

pp. 2099-2119

Author(s):

Punam Bedi ◽

Vandana Gandotra ◽

Archana Singhal

Keyword(s):

Fuzzy Logic ◽

Security Requirements ◽

Software Systems ◽

Hybrid Technique ◽

Security Measures ◽

Failed State ◽

Innovative Strategies ◽

Secure Software ◽

Attack Trees ◽

Secure Software Development

This chapter discusses adoption of some proactive strategies in threat management for security of software systems. Security requirements play an important role for secure software systems which arise due to threats to the assets from malicious users. It is therefore imperative to develop realistic and meaningful security requirements. A hybrid technique has been presented in this chapter evolved by overlapping the strengths of misuse cases and attack trees for elicitation of flawless security requirements. This chapter also discusses an innovative technique using fuzzy logic as a proactive step to break the jinx of brittleness of present day security measures based on binary principle. In this mechanism, partially secure state evolved between safe state and failed state using fuzzy logic provides an alert signal to take appropriate additional preventive measures to save the system from entering into the failed state to the extent possible.

Download Full-text

Access Control Specification in UML

Integrating Security and Software Engineering ◽

10.4018/978-1-59904-147-6.ch010 ◽

2007 ◽

pp. 220-243

Author(s):

M. Koch ◽

F. Parisi-Presicce ◽

K. Pauls

Keyword(s):

Access Control ◽

Formal Semantics ◽

Security Requirements ◽

Software Systems ◽

Secure Systems ◽

Distributed Object ◽

Access Control Policies ◽

Software Engineers ◽

Uml Diagrams ◽

Distributed Object Systems

Security requirements have become an integral part of most modern software systems. In order to produce secure systems, it is necessary to provide software engineers with the appropriate systematic support. This chapter discusses a methodology to integrate the speci?cation of access control policies into UML. The methodology, along with the graph-based formal semantics for the UML access control speci?ca-tion, allows to reason about the coherence of the access control speci?cation. The chapter also presents a procedure to modify policy rules to guarantee the satisfaction of constraints, and shows how to generate access control requirements from UML diagrams. The main concepts in the UML access control speci?cation are illustrated with an example access control model for distributed object systems.

Download Full-text

Access Control Specification in UML

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch098 ◽

2008 ◽

pp. 1456-1475

Author(s):

M. Koch ◽

F. Parisi-Presicce ◽

K. Pauls

Keyword(s):

Access Control ◽

Formal Semantics ◽

Security Requirements ◽

Software Systems ◽

Secure Systems ◽

Distributed Object ◽

Access Control Policies ◽

Software Engineers ◽

Uml Diagrams ◽

Distributed Object Systems

Security requirements have become an integral part of most modern software systems. In order to produce secure systems, it is necessary to provide software engineers with the appropriate systematic support. This chapter discusses a methodology to integrate the speci?cation of access control policies into UML. The methodology, along with the graph-based formal semantics for the UML access control speci?ca-tion, allows to reason about the coherence of the access control speci?cation. The chapter also presents a procedure to modify policy rules to guarantee the satisfaction of constraints, and shows how to generate access control requirements from UML diagrams. The main concepts in the UML access control speci?cation are illustrated with an example access control model for distributed object systems.

Download Full-text

A Multi-Agent-Based Approach for Critical Components Identification and Testing

Computer Systems and Software Engineering ◽

10.4018/978-1-5225-3923-0.ch027 ◽

2017 ◽

pp. 657-678

Author(s):

D. Jeya Mala ◽

R. Iswarya

Keyword(s):

Crucial Role ◽

Research Work ◽

Software Systems ◽

Test Cases ◽

Agent Based ◽

Multi Agent ◽

Adequacy Criterion ◽

Critical Components ◽

Test Adequacy

In real time software systems, testing plays a crucial role as any of the critical components in these systems are left undetected, then inadvertent effects will happen which will lead to erroneous operations, system failure, high cost and resource wastage etc. To address this most important and the emergent problem, this research work proposes an effective method by means of multi-agents based approach to identify such critical components and execute test cases along the critical test paths which will aid in effectively covering them during testing. Finally, this paper also compared the performance with existing approaches in terms of time taken for the search process and the component coverage based test adequacy criterion to ensure quality of the software.

Download Full-text

Reuse Alternatives based on the Sources of Software Assets

International Journal of Computer and Information Technology(2279-0764) ◽

10.24203/ijcit.v10i1.67 ◽

2021 ◽

Vol 10 (1) ◽

Author(s):

Anas AL-Badareen

Keyword(s):

Software Engineering ◽

Software Development ◽

Software Reuse ◽

Development Process ◽

Software Systems ◽

Software Development Process ◽

Software Products ◽

Engineering Discipline

Abstract— Since the idea of software reuse appeared in 1968, software reuse has become a software engineering discipline. Software reuse is one of the main techniques used to enhance the productivity of software development, which it helps reducing the time, effort, and cost of developing software systems, and enhances the quality of software products. However, software reuse requires understanding, modifying, adapting and testing processes in order to be performed correctly and efficiently. This study aims to analyze and discuss the process of software reuse, identify its elements, sources and usages. The alternatives of acquiring and using software assets either normal or reusable assets are discussed. As a result of this study, four main methods are proposed in order to use the concept of reuse in the software development process. These methods are proposed based on the source of software assets regardless the types of software assets and their usages.

Download Full-text

Towards a More Systematic Approach to Secure Systems Design and Analysis

International Journal of Secure Software Engineering ◽

10.4018/jsse.2013010102 ◽

2013 ◽

Vol 4 (1) ◽

pp. 11-30 ◽

Cited By ~ 8

Author(s):

Simon Miller ◽

Susan Appleby ◽

Jonathan M. Garibaldi ◽

Uwe Aickelin

Keyword(s):

Cyber Security ◽

Systematic Approach ◽

Systems Design ◽

Software Systems ◽

Security Risks ◽

Secure Systems ◽

Secure Systems Design ◽

Consensus View ◽

Security Advice

The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the security risks posed to a system in different ways, leading to variation in assessment. This paper presents research into measuring the variability in decision making between security professionals, with the ultimate goal of improving the quality of security advice given to software system designers. A set of thirty nine cyber-security experts took part in an exercise in which they independently assessed a realistic system scenario. This study quantifies agreement in the opinions of experts, examines methods of aggregating opinions, and produces an assessment of attacks from ratings of their components. The authors show that when aggregated, a coherent consensus view of security emerges which can be used to inform decisions made during systems design.

Download Full-text

A Multi Agent Based Approach for Critical Components Identification and Testing

International Journal of Systems and Service-Oriented Engineering ◽

10.4018/ijssoe.2014010102 ◽

2014 ◽

Vol 4 (1) ◽

pp. 21-38 ◽

Cited By ~ 4

Author(s):

D. Jeya Mala ◽

R. Iswarya

Keyword(s):

Research Work ◽

Software Systems ◽

Test Cases ◽

Critical Test ◽

Agent Based ◽

Multi Agent ◽

Critical Components ◽

Test Adequacy ◽

Multi Agents

In real time software systems, testing plays a crucial role as any of the critical components in these systems are left undetected, then inadvertent effects will happen which will lead to erroneous operations, system failure, high cost and resource wastage etc. To address this most important and the emergent problem, this research work proposes an effective method by means of multi-agents based approach to identify such critical components and execute test cases along the critical test paths which will aid in effectively covering them during testing. Finally, this paper also compared the performance with existing approaches in terms of time taken for the search process and the component coverage based test adequacy criterion to ensure quality of the software.

Download Full-text

Security Patterns

Software Engineering for Secure Systems ◽

10.4018/978-1-61520-837-1.ch004 ◽

2011 ◽

pp. 75-111 ◽

Cited By ~ 5

Author(s):

Armstrong Nhlabatsi ◽

Arosha Bandara ◽

Shinpei Hayashi ◽

Charles Haley ◽

Jan Jurjens ◽

...

Keyword(s):

Security Analysis ◽

Research Area ◽

Security Requirements ◽

Software Systems ◽

Security Patterns ◽

Secure Systems ◽

Modeling Approaches ◽

Security Pattern ◽

Security Modeling ◽

Active Research

Addressing the challenges of developing secure software systems remains an active research area in software engineering. Current research efforts have resulted in the documentation of recurring security problems as security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. Despite this benefit, there is lack of work that focus on evaluating the capabilities of security analysis approaches for their support in incorporating security analysis patterns. This chapter presents evaluation results of a study we conducted to examine the extent to which constructs provided by security requirements engineering approaches can support the use of security patterns as part of the analysis of security problems. To achieve this general objective, the authors used a specific security pattern and examined the challenges of representing this pattern in some security modeling approaches. The authors classify the security modeling approaches into two categories: problem and solution and illustrate their capabilities with a well-known security patterns and some practical security examples. Based on the specific security pattern they have used our evaluation results suggest that current approaches to security engineering are, to a large extent, capable of incorporating security analysis patterns.

Download Full-text