You are previewing Developing and Evaluating Security-Aware Software Systems.
O'Reilly logo
Developing and Evaluating Security-Aware Software Systems

Book Description

As computer technologies continue to evolve and new security threats emerge, secure-aware software developments are essential in the software engineering field. Developing and Evaluating Security-Aware Software Systems provides innovative ideas and methods on the development, operation, and maintenance of secure software systems and aims to highlight the construction of a functional software system and a secure system simultaneously. This book is practical for researchers, academics and practitioners in the software engineering and security fields. 

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Associate Editors and List of Reviewers
    1. Associate Editors
    2. List of Reviewers
  5. Preface
    1. INTRODUCTION
    2. CHALLENGES
    3. ORGANIZATION OF THE BOOK
    4. CHAPTER ABSTRACTS
    5. CONCLUSION
  6. Section 1: Software Development Process
    1. Chapter 1: Secure by Design
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. CHALLENGES OF SECURE SOFTWARE SYSTEMS ENGINEERING
      4. 3. PROJECT BACKGROUND
      5. 4. SECURE BY DESIGN DEVELOPMENT OF POWERCHEX’S PRE-EMPLOYMENT SYSTEM
      6. 5. LESSONS LEARNED
      7. 6. RELATED WORK
      8. 7. CONCLUSION
    2. Chapter 2: Security Evaluation of Service-Oriented Systems Using the SiSOA Method
      1. ABSTRACT
      2. INTRODUCTION
      3. MODEL EXTRACTION
      4. KNOWLEDGE BASE
      5. PROTOTYPICAL IMPLEMENTATION
      6. EXAMPLE OF A SECURITY ANALYSIS
      7. RELATED WORK
      8. CONCLUSION AND FUTURE WORK
    3. Chapter 3: Eliciting Policy Requirements for Critical National Infrastructure Using the IRIS Framework
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. RELATED WORK
      4. 3. THE IRIS FRAMEWORK
      5. 4. CASE STUDY: A PLANT OPERATIONS SECURITY POLICY
      6. 5. DISCUSSION
      7. 6. CONCLUSION
    4. Chapter 4: Organizational Patterns for Security and Dependability
      1. ABSTRACT
      2. INTRODUCTION
      3. RELATED WORKS AND CONCLUSION
    5. Chapter 5: Not Ready for Prime Time
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. RESEARCH QUESTIONS
      4. 3. METHOD
      5. 4. RESULTS
      6. 5. DISCUSSION
      7. 6. CONCLUSION
    6. Chapter 6: Security Gaps in Databases
      1. ABSTRACT
      2. INTRODUCTION
      3. SOFTWARE PRODUCTS ANALYZED
      4. ANALYSIS PROCEDURE
      5. LESSONS LEARNED: PRODUCTS COMPARISON AND DISCUSSION
      6. CONCLUSIONS AND FUTURE WORK
  7. Section 2: Formal Techniques and Tools
    1. Chapter 7: Using Executable Slicing to Improve Rogue Software Detection Algorithms
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. BACKGROUND
      4. 3. EXPERIMENT
      5. 4. RESULTS
      6. 5. CONCLUSION
    2. Chapter 8: Ell Secure Information System Using Modal Logic Technique
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. THE SYNTAX OF THE LANGUAGE
      4. 3. SEMANTICS OF THE LANGUAGE
      5. 4. THE APPLICATION: A CASE STUDY
      6. 5. THE IMPLEMENTATION
      7. 6. CONCLUSION
    3. Chapter 9: A Formal Language for XML Authorisations Based on Answer Set Programming and Temporal Interval Logic Constraints
      1. ABSTRACT
      2. INTRODUCTION
      3. CONCLUSION
    4. Chapter 10: Building Secure Software Using XP
      1. ABSTRACT
      2. INTRODUCTION
      3. EXTREME PROGRAMMING (XP)
      4. CLASP METHDOLOGY
      5. CLASP SECURITY ACTIVITIES
      6. WHY CLASP
      7. INTEGRATING CLASP INTO XP
      8. RELATED WORK
      9. CONCLUSION
  8. Section 3: Standard Security Functions
    1. Chapter 11: Analysis of ANSI RBAC Support in EJB
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. ANALYSIS OF SUPPORT FOR ANSI RBAC
      5. CONCLUSION
    2. Chapter 12: Performance Evaluation of Secure Key Deployment and Exchange Protocol for MANETs
      1. ABSTRACT
      2. INTRODUCTION
      3. RELATED WORK
      4. THE PROPOSED SKYE PROTOCOL
      5. SKYE SIMULATION ENVIRONMENT
      6. SIMULATIONS
      7. CONCLUSION
    3. Chapter 13: JavaSPI
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. BACKGROUND AND RELATED WORK
      4. 3. THE JAVASPI FRAMEWORK
      5. 4. THE SSL CASE STUDY
      6. 5. CONCLUSION
    4. Chapter 14: A Systematic Empirical Analysis of Forging Fingerprints to Fool Biometric Systems
      1. ABSTRACT
      2. INTRODUCTION
      3. QUALITY MEASURES
      4. THE FINGERPRINT
      5. SECURITY OF FINGERPRINT SCANNERS
      6. CONCLUSION
    5. Chapter 15: Integrating Patient Consent in e-Health Access Control
      1. ABSTRACT
      2. INTRODUCTION
      3. PATIENT CONSENT
      4. PATIENT CONSENT INTEGRATION: THE XDS CASE STUDY
      5. EVALUATION
      6. RELATED WORK
      7. DISCUSSION
      8. CONCLUSION
  9. Compilation of References
  10. About the Contributors