research-article

Tracking requirements and threats for secure software development

Authors:

Brandon Malone,

Ambareen SirajAuthors Info & Claims

ACMSE '08: Proceedings of the 46th annual ACM Southeast Conference

Pages 278 - 281

https://doi.org/10.1145/1593105.1593179

Published: 28 March 2008 Publication History

Get Access

Abstract

Many opportunities of use of systems also open doors for their misuse. Misuse of a system could manifest itself in a variety of forms. One common misuse of a system lies in security breaches. This research investigates tracing requirements and threats through a series of models to identify, maintain the visibility of, and ultimately help mitigate, security threats to a system. The proposed Tracking of REquirements And Threats (TREAT) approach is a model driven framework which blends together several known modeling techniques to conceptualize and design a secure software system. TREAT considers security requirements along with system requirements from the very inception of the software and traces them throughout the software lifecycle in between various software artifacts.

References

[1]

Ambler, S. W. "Agile Models Distilled: Potential Artifacts for Agile Modeling", Agile Modeling, http://www.agilemodeling.com/artifacts. Accessed 4/15/2007.

Google Scholar

[2]

Hefner, R. 1997. Lessons learned with the systems security engineering capability maturity model. In Proceedings of the 19th international Conference on Software Engineering. ICSE '97. ACM, New York, NY.

Digital Library

Google Scholar

[3]

Kazman, R., Klein, M., Barbacci, M., Longstaff, T., Lipson, H., and Carriere, J. The Architecture Tradeoff Analysis Method. Int'l Conf. Engineering Complex Computer Systems (ICECCS98). Aug. 98.

Google Scholar

[4]

Lethbridge, T. C. and Lagani&#232;re, R. Object-Oriented Software Engineering: Practical Software Development using UML and Java, McGraw-Hill, 2005, p. 138.

Digital Library

Google Scholar

[5]

McGraw, G. "Testing for Security During Development: Why we should scrap penetrate-and-patch", IEEE Aerospace and Electronic Systems, 13(4), pages 13--15, April 1998.

Crossref

Google Scholar

[6]

Pauli, J. and Xu, D. Misuse Case-based Analysis of Secure Software Architecture, In Proc. of ITCC'05, April 2005.

Digital Library

Google Scholar

[7]

Pauli, J. and Xu, D. Threat-Driven Architectural Design of Secure Information Systems. In Proc. of ICEIS'05, Miami, May 2005.

Google Scholar

[8]

Sindre, G. and Opdahl, A. "Capturing Security Requirements through Misuse Cases", Norsk Informatikkonferanse 2001. 2001.

Google Scholar

[9]

Wang, L., Wong, E., and Xu, D. A Threat Model Driven Approach for Security Testing. Int'l Conf. Software Engineering Workshops. 2007.

Digital Library

Google Scholar

[10]

Zinnikus, I., Elves&#230;ter, B., Fischer, K., Vayssiere, J., and Benguria, G. 2006. A Model Driven Approach to Agent-Based Service-Oriented Architectures. (Erfurt, Germany, September 2006).

Google Scholar

Cited By

View all

Banerjee CBanerjee APoonia ASharma S(2017)Proposed Algorithm for Identification of Vulnerabilities and Associated Misuse Cases Using CVSS, CVE Standards During Security Requirements Elicitation PhaseSoft Computing: Theories and Applications10.1007/978-981-10-5699-4_61(651-658)Online publication date: 25-Nov-2017
https://doi.org/10.1007/978-981-10-5699-4_61
Faniyi FBahsoon REvans AKazman R(2011)Evaluating Security Properties of Architectures in Unpredictable EnvironmentsProceedings of the 2011 Ninth Working IEEE/IFIP Conference on Software Architecture10.1109/WICSA.2011.25(127-136)Online publication date: 20-Jun-2011
https://dl.acm.org/doi/10.1109/WICSA.2011.25

Recommendations

Identifying Security Requirements Hybrid Technique
ICSEA '09: Proceedings of the 2009 Fourth International Conference on Software Engineering Advances

There were times when software systems and networks posed no or very little security problems. However, with expanding connectivity during last few years problem of security has been making headlines. This is due to increase in threat environment and ...
Algorithmic Approach for Development of Misuse Case Modeling Framework for iMACOQR Metrics
ACCT '15: Proceedings of the 2015 Fifth International Conference on Advanced Computing & Communication Technologies

Since the beginning of the Information Technology age, the software organizations have conventionally focused on the improvement of quality of the code for refining and enhancing the security of software. From the studies carried out, practically, the ...
Surveying Secure Software Development Practices in Finland
ARES '18: Proceedings of the 13th International Conference on Availability, Reliability and Security

Combining security engineering and software engineering is shaping the software development processes and shifting the emphasis of information security from the operation environment into the main information asset: the software itself. To protect ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ACMSE '08: Proceedings of the 46th annual ACM Southeast Conference

March 2008

548 pages

ISBN:9781605581057

DOI:10.1145/1593105

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 March 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ACM SE08

ACM SE08: ACM Southeast Regional Conference

March 28 - 29, 2008

Alabama, Auburn

Acceptance Rates

Overall Acceptance Rate 502 of 1,023 submissions, 49%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
285
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Banerjee CBanerjee APoonia ASharma S(2017)Proposed Algorithm for Identification of Vulnerabilities and Associated Misuse Cases Using CVSS, CVE Standards During Security Requirements Elicitation PhaseSoft Computing: Theories and Applications10.1007/978-981-10-5699-4_61(651-658)Online publication date: 25-Nov-2017
https://doi.org/10.1007/978-981-10-5699-4_61
Faniyi FBahsoon REvans AKazman R(2011)Evaluating Security Properties of Architectures in Unpredictable EnvironmentsProceedings of the 2011 Ninth Working IEEE/IFIP Conference on Software Architecture10.1109/WICSA.2011.25(127-136)Online publication date: 20-Jun-2011
https://dl.acm.org/doi/10.1109/WICSA.2011.25

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Identifying Security Requirements Hybrid Technique

Algorithmic Approach for Development of Misuse Case Modeling Framework for iMACOQR Metrics

Surveying Secure Software Development Practices in Finland