Evolution of Security Engineering Artifacts

Felderer, Michael; Katt, Basel; Kalb, Philipp; Jürjens, Jan; Ochoa, Martín; Paci, Federica; Tran, Le Minh Sang; Tun, Thein Than; Yskout, Koen; Scandariato, Riccardo; Piessens, Frank; Vanoverberghe, Dries; Fourneret, Elizabeta; Gander, Matthias; Solhaug, Bjørnar; Breu, Ruth

doi:10.4018/ijsse.2014100103

Cited by 11 publications

(6 citation statements)

References 190 publications

(195 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This makes it especially challenging to keep software systems permanently secure as changes either in the system itself or in its environment may cause new threats and vulnerabilities [37]. A combination of regression and security testing called security regression testing, which ensures that changes made to a system do not harm its security, are therefore of high significance and the interest in such approaches has steadily increased [36].…”

Section: Security Regression Testingmentioning

confidence: 99%

Security Testing

Felderer

Büchler

Johns

et al. 2016

Advances in Computers

Self Cite

112

View full text Add to dashboard Cite

ReuseThis article is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs (CC BY-NC-ND) licence. This licence only allows you to download this work and share it with others as long as you credit the authors, but you can't change the article in any way or use it commercially. More information and the full terms of the licence here: https://creativecommons.org/licenses/ Takedown If you consider content in White Rose Research Online to be in breach of UK law, please notify us by emailing eprints@whiterose.ac.uk including the URL of the record and the reason for the withdrawal request. Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and for practitioners to apply and disseminate them. This chapter fulfills this need and provides an overview of recent security testing techniques. For this purpose, it first summarize the required background of testing and security engineering. Then, basics and recent developments of security testing techniques applied during the secure software development lifecycle, i.e., model-based security testing, code-based testing and static analysis, penetration testing and dynamic analysis, as well as security regression testing are discussed. Finally, the security testing techniques are illustrated by adopting them for an example three-tiered web-based business application.

show abstract

Section: Security Regression Testingmentioning

confidence: 99%

Security Testing

Felderer

Büchler

Johns

et al. 2016

Advances in Computers

Self Cite

112

View full text Add to dashboard Cite

show abstract

“…In this paper, we only focus on the threat model to identify the potential threats and risks that could affect the system. It is significant for system security engineering to derive the security requirements and protection mechanisms based on the threat model [40]. Hence, the threat models are commonly used in automotive security.…”

Section: Taxonomy Of Security Modelsmentioning

confidence: 99%

On the Modeling of Automotive Security: A Survey of Methods and Perspectives

Hao

Han

2020

Future Internet

View full text Add to dashboard Cite

As the intelligent car-networking represents the new direction of the future vehicular development, automotive security plays an increasingly important role in the whole car industry chain. On condition that the accompanying problems of security are proofed, vehicles will provide more convenience while ensuring safety. Security models can be utilized as tools to rationalize the security of the automotive system and represent it in a structured manner. It is essential to improve the knowledge about security models by comparing them besides proposing new methods. This paper aims to give a comprehensive introduction to the topic of security models for the Intelligent Transport System (ITS). A survey of the current methodologies for security modeling is conducted and a classification scheme is subsequently proposed. Furthermore, the existing framework and methods to build automotive security models are broadly examined according to the features of automotive electronic system. A number of fundamental aspects are defined to compare the presented methods in order to comprehend the automotive security modeling in depth.

show abstract

“…To increase the security level of software products, this process should be continuously updated [5], [7]; hence, studies showing the trends in methodologies, notations, tools, and techniques are required.…”

Section: Introductionmentioning

confidence: 99%

Systematic Mapping of the Literature on Secure Software Development

2021

View full text Add to dashboard Cite

The accelerated growth in exploiting vulnerabilities due to errors or failures in the software development process is a latent concern in the Software Industry. In this sense, this study aims to provide an overview of the Secure Software Development trends to help identify topics that have been extensively studied and those that still need to be. Therefore, in this paper, a systematic mapping review with PICo search strategies was conducted. A total of 867 papers were identified, of which only 528 papers were selected for this review. The main findings correspond to the Software Requirements Security, where the Elicitation and Misuse Cases reported more frequently. In Software Design Security, recurring themes are security in component-based software development, threat model, and security patterns. In the Software Construction Security, the most frequent topics are static code analysis and vulnerability detection. Finally, in Software Testing Security, the most frequent topics are vulnerability scanning and penetration testing. In conclusion, there is a diversity of methodologies, models, and tools with specific objectives in each secure software development stage.

show abstract

Evolution of Security Engineering Artifacts

Cited by 11 publications

References 190 publications

Security Testing

Security Testing

On the Modeling of Automotive Security: A Survey of Methods and Perspectives

Systematic Mapping of the Literature on Secure Software Development

Contact Info

Product

Resources

About