You are previewing Security-Aware Systems Applications and Software Development Methods.
O'Reilly logo
Security-Aware Systems Applications and Software Development Methods

Book Description

With the prevalence of cyber crime and cyber warfare, software developers must be vigilant in creating systems which are impervious to cyber attacks. Thus, security issues are an integral part of every phase of software development and an essential component of software design.Security-Aware Systems Applications and Software Development Methods facilitates the promotion and understanding of the technical as well as managerial issues related to secure software systems and their development practices. This book, targeted toward researchers, software engineers, and field experts, outlines cutting-edge industry solutions in software engineering and security research to help overcome contemporary challenges.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Editorial Advisory Board and List of Reviewers
    1. Editorial Advisory Board
    2. Associate Editors
  5. Preface
    1. ISSUES AND CHALLENGES IN SECURITY-AWARE SOFTWARE DEVELOPMENT
    2. CONCLUSION
  6. Section 1: Secure Software Development Process
    1. Chapter 1: Agile Software Development
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. BACKGROUND
      4. 3. EMPIRICAL STUDY
      5. 4. CASE STUDY: A DISTRIBUTED DEVELOPMENT EFFORT
      6. 5. SECURITY EXTENSIONS TO AGILE METHODS
      7. 6. DISCUSSION
      8. 7. LIMITATIONS
      9. 8. FURTHER WORK
      10. 9. CONCLUSION
    2. Chapter 2: Assimilating and Optimizing Software Assurance in the SDLC
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. PHASE 1: REQUIREMENTS – SECURITY REQUIREMENTS IDENTIFICATION
      5. PHASE 2: REQUIREMENTS ASSURANCE – CERTIFICATION AND ACCREDITATION
      6. PHASE 3: ASSURANCE CASES – PRE-DEVELOPMENT
      7. PHASE 4: DESIGN – PRODUCING DESIGN ASSURANCE ARTIFACTS
      8. PHASE 5: IMPLEMENTATION – CODE ASSURANCE
      9. PHASE 6: REVIEW – ITERATIVE REVISION
      10. EXPERIENCES/LESSONS LEARNED
      11. CONCLUSION
    3. Chapter 3: Towards Designing E-Services that Protect Privacy
      1. ABSTRACT
      2. INTRODUCTION
      3. PRIVACY AND E-SERVICES
      4. APPROACH FOR DESIGNING E-SERVICES THAT PROTECT PRIVACY
      5. RELATED WORK
      6. EVALUATION OF APPROACH
      7. CONCLUSION AND FUTURE RESEARCH
  7. Section 2: Security Requirements Analysis and Modeling
    1. Chapter 4: Software Engineering Security Based on Business Process Modeling
      1. ABSTRACT
      2. 1 INTRODUCTION
      3. 2. A FRAMEWORK FOR SECURE BPM
      4. 3. SECURE BPM
      5. 4. RELATED WORK
      6. 5. DISCUSSION AND CONCLUSION
    2. Chapter 5: Integrating Access Control into UML for Secure Software Modeling and Analysis
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. SECURITY EXTENSIONS TO UML
      5. SECURITY ANALYSES
      6. RELATED WORK
      7. CONCLUSION
    3. Chapter 6: Benefits and Challenges in the Use of Case Studies for Security Requirements Engineering Methods
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. SQUARE OVERVIEW
      5. OUR CASE STUDY CLIENTS AND GENERAL RESULTS
      6. DETAILED CASE STUDY RESULTS
      7. USE OF THE CASE STUDIES IN REFINING THE SQUARE AND SQUARE-LITE METHODS
      8. CASE STUDY EDUCATIONAL ASPECTS
      9. THE BENEFITS AND CHALLENGES ASSOCIATED WITH TECHNOLOGY TRANSITION OF NEW METHODS SUCH AS SQUARE
      10. TECHNOLOGY TRANSFER RESULTS
      11. CONCLUSION AND FUTURE PLANS
    4. Chapter 7: Security Requirements Engineering for Evolving Software Systems
      1. ABSTRACT
      2. INTRODUCTION
      3. APPROACHES TO SOFTWARE EVOLUTION
      4. APPROACHES TO SECURITY REQUIREMENTS ENGINEERING
      5. A RESEARCH AGENDA FOR SECURITY REQUIREMENTS ENGINEERING FOR EVOLVING SYSTEMS
      6. CONCLUSION
  8. Section 3: Vulnerability Detection
    1. Chapter 8: Monitoring Buffer Overflow Attacks
      1. ABSTRACT
      2. INTRODUCTION
      3. OVERVIEW
      4. COMPARISON OF BOF MONITORING APPROACHES
      5. CONCLUSION
    2. Chapter 9: CONFU
      1. ABSTRACT
      2. INTRODUCTION
      3. PROBLEM AND REQUIREMENTS
      4. EVALUATION
      5. RELATED WORK
      6. LIMITATIONS
      7. CONCLUSION
  9. Section 4: Protection Mechanisms
    1. Chapter 10: Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. RELATED WORK
      5. APPROACH
      6. IMPLEMENTATION
      7. EVALUATION
      8. DISCUSSION
      9. CONCLUSION
    2. Chapter 11: Improving Memory Management Security for C and C++
      1. ABSTRACT
      2. INTRODUCTION
      3. HEAP-BASED VULNERABILITIES FOR CODE INJECTION ATTACKS
      4. MEMORY MANAGERS
      5. SUMMARY
      6. A MORE SECURE MEMORY ALLOCATOR
      7. PROTOTYPE IMPLEMENTATION
      8. EVALUATION
      9. RELATED WORK
      10. CONCLUSION
    3. Chapter 12: Katana
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. KATANA DESIGN
      4. 3. AUTOMATED PATCHING
      5. 4. DISCUSSION
      6. 5. PATCH OBJECT FORMAT
      7. 6. RELATED WORK
      8. 7. CONCLUSION
    4. Chapter 13: A Formal Approach for Securing XML Document
      1. ABSTRACT
      2. INTRODUCTION
      3. XML DOCUMENT SPECIFICATION: SYNTAX AND SEMANTICS
      4. ACCESS CONTROL IN XML DOCUMENT SPECIFICATION: SYNTAX AND SEMANTICS
      5. CONCLUSION
  10. Section 5: Tools for Security-Aware Development
    1. Chapter 14: A Tool Support for Secure Software Integration
      1. ABSTRACT
      2. INTRODUCTION
      3. REQUIREMENTS FOR AUTOMATIC TOOL SUPPORT
      4. ARCHITECTURE
      5. IMPLEMENTATION
      6. RELATED WORK
      7. FUTURE WORK
    2. Chapter 15: Towards Tool-Support for Usable Secure Requirements Engineering with CAIRIS
      1. ABSTRACT
      2. INTRODUCTION
      3. RELATED WORK
      4. CAIRIS
      5. CAIRIS MODELS
      6. CASE STUDY
      7. CONCLUSION
  11. Section 6: Secure software Education and Training
    1. Chapter 16: Secure Software Education
      1. ABSTRACT
      2. INTRODUCTION
      3. GENERIC SYSTEM MODEL
      4. GENERIC SYSTEM MODEL AND THREE PRIMARY SYSTEMS
      5. INFORMATION ASSET PROTECTION MODEL
      6. APM AND THE SQUARE PROCESS
      7. ASSET PROTECTION MODEL, LEVEL ONE INTERFACES
      8. ASSET PROTECTION MODEL, LEVEL TWO INTERFACES
      9. PEDAGOGICAL MODEL FOR INFORMATION ASSURANCE CURRICULUM DEVELOPMENT
      10. STABLE MODEL DEVELOPMENT AND APPLICATION
      11. SYSTEM AND SOFTWARE UTILIZATION CONTEXT
      12. SECURE SOFTWARE EDUCATION SYSTEM (SSES) PROCESS
      13. SECURE SOFTWARE PRODUCTION EDUCATIONAL FUNCTIONS
      14. SPECIFIC SECURE SOFTWARE DEVELOPMENT TECHNIQUES
      15. SUMMARY AND CONCLUSION
    2. Chapter 17: Development of a Master of Software Assurance Reference Curriculum
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. PROPOSED OUTCOMES WHEN A STUDENT GRADUATES
      5. CORE BODY OF KNOWLEDGE
      6. MSwA2010 CURRICULUM ARCHITECTURE
      7. COURSE DESCRIPTIONS
      8. IMPLEMENTATION GUIDELINES
    3. Chapter 18: A Rigorous Approach to the Definition of an International Vocational Master’s Degree in Information Security Management
      1. ABSTRACT
      2. INTRODUCTION
      3. TRANSITION TO THE EDUCATIONAL FRAMEWORK
      4. THE CSO DEGREE STRUCTURE
      5. RESULTS AND CONCLUSION
  12. Compilation of References
  13. About the Contributors