Engineering secure systems: Models, patterns and empirical validation

Hamid, Brahim; Weber, Donatus

doi:10.1016/j.cose.2018.03.016

Cited by 21 publications

(10 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several secure software development approaches have been proposed. Hamid et al proposed a secure design pattern that supports model transformation of existing model into secure model representation. Usage of different pattern in different transformation language is evaluated by Leno et al It also identifies new patterns that are not yet cataloged.…”

Section: Resultsmentioning

confidence: 99%

An automation framework design for secure software development

Mythily

Valarmathi²,

Durai

et al. 2019

J Software Evolu Process

View full text Add to dashboard Cite

Business process modeling (BPM) is procedural-oriented advanced activity for representing process models with domain knowledge. It consists of all the functional requirements given by the users to build the software. However, nonfunctional requirements such as cost, time, performance, and security are used to evaluate the performance of a system. Among these requirements, security is the vital attribute to be taken care at the early stage of any software development. For example, even governing bodies are heavily dependents on the data system due to security exposures. So automation on model transformation from non-secured metamodel to secured metamodels improves the overall execution of the software evolution process. In this paper, the authors propose an Auto Secure Business Process (AutoSBP) system to automate security to the existing software models. The activity model of existing system is dismantled into attributes and actions to extract its business need.Based on the interpretation from business data, security implications are applied to the existing software models. To fine tune the security implications, ID3 decision learning algorithm is applied. The effect of the system-generated model assures the quality by its complexity metrics.

show abstract

Section: Resultsmentioning

confidence: 99%

An automation framework design for secure software development

Mythily

Valarmathi²,

Durai

et al. 2019

J Software Evolu Process

View full text Add to dashboard Cite

show abstract

“…In this way, Hamid and Weber propose in [30] a model driven engineering (MDE) methodological approach focus on patterns to support the development of secure software systems. Diaz et al [31] use DevSecOps techniques to study the versioned configuration of a cybersecurity monitoring infrastructure.…”

Section: The Viewnext-uex Emerging Modelmentioning

confidence: 99%

A Preventive Secure Software Development Model for a Software Factory: A Case Study

2020

View full text Add to dashboard Cite

The number of cyberattacks has greatly increased in in the last years, as well as their sophistication and impact. For this reason, new emerging software development models are demanded, which help in developing secure by default software. To achieve this, the analysis and comparison in depth of the current models of secure software development is especially important. In this paper, a review of the most popular secure software models is presented, and a new secure software methodology is proposed, adapted to all current environments. A practical experiment in a software development company is tested, as a case study, considering data from real software projects. The results are presented and compared in two development scenarios: a classic one with a reactive security approach, and another one, emerging and preventive, that applies security by default in all phases of the software life cycle. In the case study, the total amount of vulnerabilities is reduced by 68,42%, decreasing their criticality and the temporal impact of their resolutions. In this way, software security and quality are methodologically improved with the proposed model, proving that the new emerging approach provides a more secure software.INDEX TERMS Commercial experiment, preventive model, secure software development, vulnerability reduction.

show abstract

“…Hamid and Weber [14] propose a model-driven engineering (MDE) methodological approach associated with a pattern-DOI reference number: 10.18293/SEKE2019-015 based approach to support the development of secure software systems.…”

Section: Related Workmentioning

confidence: 99%

SPRO: Security Process Framework

Persch¹,

Fontoura²,

Fontoura³

2019

International Conferences on Software Engineering and Knowledge Engineering

View full text Add to dashboard Cite

Secure software implies that the process used in its development includes activities to insert, monitor and ensure security from the early stages of the software process. This article proposes the Security Process Framework that aims to facilitate the task of creating secure processes through the reuse of process components developed from security patterns. The components are recovered and prioritized from a repository through multicriteria techniques that consider security requirements and characteristics related to the project context. Software process lines are used to organize the selected components and to assemble the secure software process. Furthermore, a tool called SPro System was developed to support the use of the framework. Case studies were used to verify the applicability of the proposal, which showed that the framework and SPro System) facilitated the tailoring and decreased the time spent in the definition of security processes.

show abstract

Engineering secure systems: Models, patterns and empirical validation

Cited by 21 publications

References 51 publications

An automation framework design for secure software development

An automation framework design for secure software development

A Preventive Secure Software Development Model for a Software Factory: A Case Study

SPRO: Security Process Framework

Contact Info

Product

Resources

About