Software Engineering for Secure Systems

Book Description

In recent years, the security of software systems has been transformed from a mono-dimensional technical challenge into a multi-dimensional technico-social challenge, due to the wide usage of software systems in almost every area of human life. This situation requires a different and more holistic approach to the development of secure software systems. Software Engineering for Secure Systems: Industrial and Research Perspectives presents the most recent and innovative lines of research and industrial practice related to secure software engineering. The book provides coverage of recent advances in the area of secure software engineering that address the various stages of the development process from requirements to design to testing to implementation. Contributions offer a comprehensive understanding of secure software engineering, inspire and motivate further research and development, and bridge the gap between academic research and industrial practice.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Foreword
  5. Preface
    1. BOOK AUDIENCE
    2. ORGANISATION OF THE BOOK
  6. Acknowledgment
  7. Chapter 1: State of Practice in Secure Software
    1. ABSTRACT
    2. INTRODUCTION
    3. BACKGROUND
    4. STATE OF PRACTICE: CREATING MAXIMUM IMPACT
    5. EMERGING ISSUES AND SOME POINTERS TO FURTHER RESEARCH
    6. CONCLUSION AND RECOMMENDATIONS
  8. Section 1: Security Patterns
    1. Chapter 2: Using Security Patterns to Develop Secure Systems
      1. ABSTRACT
      2. INTRODUCTION
      3. SECURE SOFTWARE DEVELOPMENT METHODOLOGY
      4. MODELING AND CLASSIFICATION OF SECURITY PATTERNS
      5. MISUSE PATTERNS
      6. CHARACTERIZATION AND SELECTION OF ACCESS CONTROL MODELS
      7. ADDING DATABASES TO THE SECURE METHODOLOGY
      8. RELATED WORK
      9. CONCLUSIONS AND FUTURE WORK
    2. Chapter 3: A Pattern-Based Method to Develop Secure Software
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. OVERVIEW OF A SECURITY ENGINEERING PROCESS USING PATTERNS
      5. USING PROBLEM FRAMES FOR SECURITY REQUIREMENTS ENGINEERING
      6. DEVELOPMENT OF A SECURITY SPECIFICATION
      7. DEVELOPMENT OF A SECURITY ARCHITECTURE
      8. FUTURE RESEARCH DIRECTIONS
      9. CONCLUSION
    3. Chapter 4: Security Patterns
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. CHARACTERISING SECURITY PATTERNS
      4. 3. RUNNING EXAMPLE
      5. 4. SECURITY MODELLING APPROACHES
      6. 5. COMPARING MODELLING APPROACHES
      7. 6. CONCLUSION AND FURTHER WORK
  9. Section 2:
    1. Chapter 5: Security Over the Information Systems Development Cycle
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. SECURITY OVER SOFTWARE DEVELOPMENT PROCESS
      4. 3. OUR SPECIFIC PROPOSALS
      5. 4. CONCLUSION
    2. Chapter 6: Balancing Security and Performance Properties During System Architectural Design
      1. ABSTRACT
      2. INTRODUCTION
      3. AORDD METHODOLOGY
      4. DEMONSTRATION OF THE AORDD METHODOLOGY
      5. SECURITY ANALYSIS WITH ALLOY ANALYZER: AORDD STEP 3
      6. PERFORMANCE ANALYSIS USING PUMA: AORDD STEP 3
      7. BALANCING PERFORMANCE AND SECURITY: AORDD STEP 3
      8. DISCUSSION
      9. RELATED WORK
      10. CONCLUSION
    3. Chapter 7: State Model Diagrams
      1. ABSTRACT
      2. NETWORK DEVICE CONFIGURATION AND MANAGEMENT
      3. SMD RUNTIME SOFTWARE
      4. CONCLUSIONS AND FUTURE RESEARCH DIRECTIONS
  10. Section 3: Privacy and Trust
    1. Chapter 8: Designing Privacy Aware Information Systems
      1. ABSTRACT
      2. INTRODUCTION
      3. PRIVACY AND PRIVACY REQUIREMENTS
      4. SECURITY AND PRIVACY REQUIREMENTS ENGINEERING METHODS
      5. ANALYSING PRIVACY REQUIREMENT METHODS
      6. DISCUSSION
    2. Chapter 9: Privacy Aware Systems
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. MODELLING PRIVACY
      5. THE UML MODEL
      6. TOWARDS DESIGN SOLUTIONS
      7. CONCLUSION
    3. Chapter 10: Incorporating Social Trust into Design Practices for Secure Systems
      1. ABSTRACT
      2. 1. INTRODUCTION
      3. 2. AFFORDANCE
      4. 3. SECURE SYSTEMS
      5. 4. THREE DISCUSSIONS ON TRUST
      6. 5. TRUST GOVERNANCE IN 'DESIGNING FOR TRUST'
      7. 6. TRUST AND BUSINESS
      8. 7. UNIFYING PARADIGM
      9. 8. ASSESSMENT FRAMEWORK
      10. 9. MATURITY MODEL
      11. 10. CONCLUSION
  11. Section 4: Secure Code Analysis
    1. Chapter 11: Static Program Analysis of Multi-Applet JavaCard Applications
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. STATIC ANALYSIS WITH THE FINDBUGS FRAMEWORK
      5. STATIC VERIFICATION OF JAVA CARD APPLICATIONS BY TYPESTATE TRACKING
      6. TAINTED OBJECT PROPAGATION
      7. FUTURE RESEARCH DIRECTIONS
      8. CONCLUSION
    2. Chapter 12: Automatic Timed Automata Extraction from Ladder Programs for Model-Based Analysis of Control Systems
      1. ABSTRACT
      2. INTRODUCTION
      3. BACKGROUND
      4. RELATED WORK
      5. FROM LADDER PROGRAM AND ISA 5.2 DIAGRAMS TO TIMED AUTOMATA
      6. CASE STUDY
      7. FUTURE RESEARCH DIRECTIONS
      8. CONCLUSION
  12. Compilation of References
  13. About the Contributors