Proceedings Article10.1145/1137627.1137630
Towards a structured unified process for software security
Shanai Ardi,David Byers,Nahid Shahmehri +2 more
- 20 May 2006
- pp 3-10
TL;DR: Key elements of the approach to security built in to the software from the beginning are introduced, and how these can be applied to design software development processes (or changes to processes) that eliminate software vulnerabilities are discussed.
read more
Abstract: Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and patch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires structured approach combining a detailed understanding on what causes vulnerabilities, and how specific activities combine to prevent them.In this paper we introduce key elements of the approach we are taking: vulnerability cause graphs, which encode information about vulnerability causes, and security activity graphs, which encode information about security activities. We discuss how these can be applied to design software development processes (or changes to processes) that eliminate software vulnerabilities.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
DAG-based attack and defense modeling: don’t miss the forest for the attack trees
TL;DR: This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs), and proposes a taxonomy of the described formalisms.
353
•Posted Content
DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees
TL;DR: In this article, the authors present the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs), allowing for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions.
226
•Book
Building Secure Software : ソフトウェアセキュリティについて開発者が知っているべきこと
John Viega,Gary McGraw,孝道 斎藤,広幸 武舎,政雄 河村 +4 more
- 01 Jan 2006
TL;DR: It’s time to get used to the idea that there is no such thing as a “slow cooker”.
201
Attack-Defense Trees
TL;DR: A new graphical security model called attack–defense trees is developed, which generalizes the well-known attack trees model and demonstrates the usefulness of the formal foundations of attack– Defense trees by relating attack– defense terms to other scientific research disciplines.
The Interaction between Exchange Rates and Stock Prices: An Australian Context
TL;DR: The authors examined the interaction between stock prices and exchange rates in Australia and found evidence of a positive co-integrating relationship between these variables, with Granger causality found to run from stock prices to the exchange rate during the sample period.
References
•Book
Extreme Programming Explained: Embrace Change
Kent Beck
- 01 Jan 1999
TL;DR: You may love XP, or you may hate it, but Extreme Programming Explained will force you to take a fresh look at how you develop software.
•Book
The unified software development process
Ivar Jacobson,Grady Booch,James Rumbaugh +2 more
- 01 Jan 1999
TL;DR: This book provides a comprehensive guide to The Objectory Software Development Process derived from the three market leading OOA&D methods: Booch, OOSE (Use-Case), and OMT.
3.8K
Embracing change with extreme programming
TL;DR: Rather than planning, analyzing, and designing for the far-flung future, XP exploits the reduction in the cost of changing software to do all of these activities a little at a time, throughout software development.
1.1K
Building secure software: how to avoid security problems the right way
TL;DR: This book defines a wide range of techniques which may be used for use case modeling, and gives the bnsinc~-oriented software analyst a variety of advanced approaches which also comply with the UML specification.
704
Fault Tree Analysis, Methods, and Applications ߝ A Review
TL;DR: This paper reviews and classifies fault-tree analysis methods developed since 1960 for system safety and reliability and classified the literature according to system definition, fault- Tree construction, qualitative evaluation, quantitative evaluation, and available computer codes for fault-Tree analysis.
700