A Framework for Security Assurance in Component Based Development

Kim, Hangkon

doi:10.1007/978-3-540-24707-4_70

Cited by 2 publications

(5 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security weakness or vulnerability in any of these components may comprise the entire system. Therefore, a process or methodology is required to assure the security of software components used in a wide range of applications [52,55].…”

Section: Challenges and Gaps In Security Assurancementioning

confidence: 99%

“…Requirements Elicitation [36,49], Specification [43,49], Identification [14,49], Aggregation [49,85], Measurement [47,49], Prioritization [43], Modelling [49,52,100,109], Correctness [80], Tracing [36], Security Requirements Engineering Process [69],…”

Section: Constructionmentioning

confidence: 99%

“…It provides the confidence that a system meets the security requirements and therefore has less vulnerabilities, resulting in the overall reduction of risk in using the related system. Due to the importance of security assurance, most organizations make the efforts to demonstrate the security assurance of their systems but mostly relied on less effective approaches [52]. Therefore, various researches have been conducted towards enhancing security assurance in systems, as outlined in the subsequent sections.…”

Section: Constructionmentioning

confidence: 99%

“…and CAP, where EAL is used to evaluate a single IT entity while CAP is used to evaluate the composite IT entities. Some other efforts have been made to develop component security assurance methods based on the security properties of the individual system components [48,52,55].…”

Section: Security Assurance Framework For Software Authenticitymentioning

confidence: 99%

See 3 more Smart Citations

System Security Assurance: A Systematic Literature Review

Shukla¹,

Katt²,

Nweke³

et al. 2021

Preprint

View full text Add to dashboard Cite

Security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We systematically review the requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We shed light on the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.CCS Concepts: • General and reference → Surveys and overviews; • Security and privacy → Systems security.

show abstract

Section: Challenges and Gaps In Security Assurancementioning

confidence: 99%

Section: Constructionmentioning

confidence: 99%

Section: Constructionmentioning

confidence: 99%

Section: Security Assurance Framework For Software Authenticitymentioning

confidence: 99%

See 2 more Smart Citations

System Security Assurance: A Systematic Literature Review

Shukla¹,

Katt²,

Nweke³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Many studies have stated that the only means to solve software vulnerability is to consider software security development (Khaled and Han, 2006;Kim, 2004;McGraw, 2004;Mir and Quadri, 2012;Simpson, 2012). However, efforts to measure and improve software security remain under investigation (Alberts et al, 2012;Colombo et al, 2012;Karen et al, 2006;Lai, 2012;Steward et al, 2012).…”

Section: Software Securitymentioning

confidence: 99%

Dependability Attributes for Increased Security in Component-Based Software Development

Kahtan

Bakar²,

Nordin³

2014

Journal of Computer Science

View full text Add to dashboard Cite

Existing software applications become increasingly distributed as their continuity and lifetimes are lengthened; consequently, the users' dependence on these applications is increased. The security of these applications has become a primary concern in their design, construction and evolution. Thus, these applications give rise to major concerns on the capability of the current development approach to develop secure systems. Component-Based Software Development (CBSD) is a software engineering approach. CBSD has been successfully applied in many domains. However, the CBSD capability to develop secure software applications is lacking to date. This study is an extension of the previous study on the challenges of the security features in CBSD models. Therefore, this study proposes a solution to the lack of security in CBSD models by highlighting the attributes that must be embedded into the CBSD process. A thorough analysis of existing studies is conducted to investigate the related software security attributes. The outcome analysis is beneficial for industries, such as software development companies, as well as for academic institutions. The analysis also serves as a baseline reference for companies that develop component-based software.

show abstract

A Framework for Security Assurance in Component Based Development

Cited by 2 publications

References 2 publications

System Security Assurance: A Systematic Literature Review

System Security Assurance: A Systematic Literature Review

Dependability Attributes for Increased Security in Component-Based Software Development

Contact Info

Product

Resources

About