Enhancement of Software Security through Design Phase

Call for Paper

June Edition

IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper

Know more

The week's pick

Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin

Random Articles

Process Optimization Time for a Service in 4G Network by SNMP Monitoring and IaaS Cloud Computing

August

2013

An Implementation and Comparative Analysis of PID Controller and their Auto Tuning Method for Three Tank Liquid Level Control

May

2011

Towards Standardization of Deregulated Electricity Market Communications in Nigeria

November

2015

An Analysis of Wide-Area Networks

Oct

2016

Reseach Article

Enhancement of Software Security through Design Phase

Published on August 2011 by Reshma S. Gaykar, Prof. Dr. Shashank D. Joshi

National Technical Symposium on Advancements in Computing Technologies

Foundation of Computer Science USA

NTSACT - Number 4

August 2011

Authors: Reshma S. Gaykar, Prof. Dr. Shashank D. Joshi

ade1638b-e5ef-471b-8ff1-bece6c69fa9d

Reshma S. Gaykar, Prof. Dr. Shashank D. Joshi . Enhancement of Software Security through Design Phase. National Technical Symposium on Advancements in Computing Technologies. NTSACT, 4 (August 2011), 16-18.

@article{

author = { Reshma S. Gaykar, Prof. Dr. Shashank D. Joshi },

title = { Enhancement of Software Security through Design Phase },

journal = { National Technical Symposium on Advancements in Computing Technologies },

issue_date = { August 2011 },

volume = { NTSACT },

number = { 4 },

month = { August },

year = { 2011 },

issn = 0975-8887,

pages = { 16-18 },

numpages = 3,

url = { /proceedings/ntsact/number4/3208-ntst029/ },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Proceeding Article

%1 National Technical Symposium on Advancements in Computing Technologies

%A Reshma S. Gaykar

%A Prof. Dr. Shashank D. Joshi

%T Enhancement of Software Security through Design Phase

%J National Technical Symposium on Advancements in Computing Technologies

%@ 0975-8887

%V NTSACT

%N 4

%P 16-18

%D 2011

%I International Journal of Computer Applications

Abstract

Designing secure systems are a nontrivial task. Incomplete or faulty designs can cause security mechanisms to be incorrectly incorporated in a system, allowing them to be bypassed and resulting in a security breach. We advocate the use of the Aspect-Oriented Risk- Driven Development (AORDD) methodology for developing secure systems. This methodology begins with designers defining system assets, identifying potential attacks against them, and evaluating system risks. When a risk is unacceptable, designers must mitigate the associated threat by incorporating security mechanisms methodically into the system design. Designers next formally evaluate the resulting design to ensure that the threat has been mitigated, while still allowing development to meet other project constraints. In this paper, we focus on the AORDD analysis, which consists of: 1) a formal security evaluation and 2) a trade-off analysis that enables system designers to position alternative security solutions against each other. The formal security evaluation uses the Alloy Analyzer to provide assurance that an incorporated security mechanism performs as expected and makes the system resilient to previously identified attacks.

References

Verification and Trade-Off Analysis of security Properties in UML System Models (IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 36, NO. 3, MAY/JUNE 2010.)
ISO 14508-4, Common Methodology for Information Technology Security Evaluation: Evaluation Methodology, in Version 3.1, Revision 2, 2007.

Index Terms

Computer Science

Information Sciences

Keywords

Software Security AORDD