Security-aware Software Development Life Cycle (SaSDLC) - Processes and tools

Talukder, Asoke K.; Maurya, Vineet Kumar; Santhosh, Babu G.; Jangam, Ebenezer; Muni, Sekhar V.; Jevitha, K. P.; Saurabh, Samanta; Pais, Alwyn Roshan

doi:10.1109/wocn.2009.5010550

Cited by 15 publications

(4 citation statements)

References 3 publications

(1 reference statement)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Traditional risk assessment approaches often overlook the socio-technical complexities inherent in smart home environments, including human behaviours, social interactions, and organizational dynamics. This research area advocates for the development of comprehensive risk assessment frameworks that account for both technical vulnerabilities and socio-cultural factors [69]. By adopting a holistic approach to risk assessment, researchers can identify interdependencies between technological risks and human factors, enabling more effective risk mitigation strategies tailored to smart home contexts.…”

Section: Socio-technical Risk Assessment Frameworkmentioning

confidence: 99%

A Review on Mitigating Privacy Risks in IoT-Enabled Smart Homes

Dhanraj,

Kumar,

Singh

et al. 2024

Comput. Networks Commun.

View full text Add to dashboard Cite

This paper discusses current technologies for lessening these risks and suggests an approach with multiple layers toward tackling these concerns. This plan integrates security measures at the device level, as well as security measures for networks, and even educational measures for users. Real-world instances and illustrations of the efficacy of the suggested method are presented. Various research gaps in IoT security and privacy have been identified, like the necessity for scalable security solutions, business-related problems, security policies focused on users, protection of privacy using data analysis, and the evolving threat landscape!! It also emphasizes the need for security measures for energy storage and contemplates the legal and ethical consequences of IoT security and privacy in intelligent homes. The discussion concludes with future research directions and challenges related to IoT security and privacy strategies and recognizes potential areas for innovation and enhancement. The intention is to contribute to the continuing discussion on IoT security and privacy, offering perspectives and recommendations to safeguard the integrity and privacy of the ecosystem in intelligent homes in an increasingly interconnected world.

show abstract

Section: Socio-technical Risk Assessment Frameworkmentioning

confidence: 99%

A Review on Mitigating Privacy Risks in IoT-Enabled Smart Homes

Dhanraj,

Kumar,

Singh

et al. 2024

Comput. Networks Commun.

View full text Add to dashboard Cite

show abstract

“…Attack trees have been implemented in a number of tools, such as SeaMonster [72], which was implemented by the SHIELDS project [159], and Suraksha [176]. They have also been researched intensively, and examples can be found in [179,190,109,106,99] where reusability of attack models has been considered.…”

Section: Architecture and Design For Security: Development And Evaluatimentioning

confidence: 99%

Architecture-Centric Testing for Security

Al-Azzani

2014

Agile Software Architecture

View full text Add to dashboard Cite

This thesis presents a novel architecture-centric approach, which uses Implied Scenarios (IS) to detect design-vulnerabilities in the software architecture. It reviews security testing approaches, and draws on their limitations in addressing unpredictable behaviour in the face of evolution. The thesis introduces the concept of Security IS as unanticipated architecture. The refinement is test-driven and incremental, where refinements are tested before they are committed. The thesis also presents SecArch, an extension to the IS approach to enhance its search-space to detect hidden race conditions. It is concerned with predicting further valid conditions in the face of real parallelism in distributed systems with respect to non-FIFO queues.The thesis reports on the applications of the proposed approach and its extension to three case studies for testing the security of distributed and cloud architectures in the presence of uncertainty in the operating environment, unpredictability of interaction and possible security IS. The applications demonstrate novelty in the way security testing addresses emergent behaviour in applications which are characterised with dynamism, heterogeneity, openness, scale and unpredictability in operation and their evolution trends.We have drawn on these case studies to evaluate the thesis.

show abstract

“…Multiple works highlight the importance of the early capture of the security needs of organizations (Basin et al , 2006; Dahbur et al , 2017; Kampová et al , 2020). This is taking into consideration that they can be useful for describing the security requirements that must be considered for software development (Lingham et al , 2020; Talukder et al , 2009). Nowadays, these needs can be specified in Enterprise Architecture (EA) models (The Open Group, 2011).…”

Section: Introductionmentioning

confidence: 99%

Obtaining secure business process models from an enterprise architecture considering security requirements

Martín

Rodríguez

Caro

et al. 2021

BPMJ

View full text Add to dashboard Cite

PurposeSecurity requirements play an important role in software development. These can be specified both in enterprise architecture models and in business processes. Enterprises increasingly carry out larger amounts of business processes where security plays a major role. Business processes including security can be automatically obtained from enterprise architecture models by applying a model-driven architecture approach, through a CIM to CIM transformation. The aim of this article is to present the specification of transformation rules for the correspondence between enterprise architecture and business process model elements focusing on security.Design/methodology/approachThis work utilizes motivational aspects of the ArchiMate language to model security in the business layer of enterprise architectures. Next, a set of transformation rules defined with the Atlas Transformation Language are utilized to obtain the correspondence of the enterprise architecture elements in a business process, modelled with a security extension of BPMN.FindingsA total of 19 transformation rules have been defined. These rules are more complex than element to element relations, as they take into consideration the context of the elements for establishing the correspondence. Additionally, the prototype of a tool that allows the automatic transformation between both models has been developed.Originality/valueThe results of this work demonstrate the possibility to tackle complex transformations between both models, as previous literature focuses on semantic correspondences. Moreover, the obtained models can be of use for software developers applying the model-driven approach.

show abstract

Security-aware Software Development Life Cycle (SaSDLC) - Processes and tools

Cited by 15 publications

References 3 publications

A Review on Mitigating Privacy Risks in IoT-Enabled Smart Homes

A Review on Mitigating Privacy Risks in IoT-Enabled Smart Homes

Architecture-Centric Testing for Security

Obtaining secure business process models from an enterprise architecture considering security requirements

Contact Info

Product

Resources

About