Software analysis for security

Mancoridis, Spiros

doi:10.1109/fosm.2008.4659254

Cited by 4 publications

(4 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To overcome common errors regarding string and integer manipulation in C/C++, alternate solutions are available [59]. Te most common vulnerabilities arising from coding problems in C language are bufer overfow, format string vulnerabilities, and integer vulnerabilities [60].…”

Section: Security Implementation Implementation Begins Withmentioning

confidence: 99%

Mitigating Software Vulnerabilities through Secure Software Development with a Policy-Driven Waterfall Model

Hussain,

Anwaar,

Sultan

et al. 2024

Journal of Engineering

View full text Add to dashboard Cite

For the past few years, software security has become a pressing issue that needs to be addressed during software development. In practice, software security is considered after the deployment of software rather than considered as an initial requirement. This delayed action leads to security vulnerabilities that can be catered for during the early stages of the software development life cycle (SDLC). To safeguard a software product from security vulnerabilities, security must be given equal importance with functional requirements during all phases of SDLC. In this paper, we propose a policy-driven waterfall model (PDWM) for secure software development describing key points related to security aspects in the software development process. The security requirements are the security policies that are considered during all phases of waterfall-based SDLC. A framework of PDWM is presented and applied to the e-travel scenario to ascertain its effectiveness. This scenario is a case of small to medium-sized software development project. The results of case study show that PDWM can identify 33% more security vulnerabilities as compared to other secure software development techniques.

show abstract

Section: Security Implementation Implementation Begins Withmentioning

confidence: 99%

Mitigating Software Vulnerabilities through Secure Software Development with a Policy-Driven Waterfall Model

Hussain,

Anwaar,

Sultan

et al. 2024

Journal of Engineering

View full text Add to dashboard Cite

show abstract

“…He stresses that it is necessary to develop formal notations and tools to allow the specification of softwaresecurity architectures. Mancoridis assumes that the developer has the security architecture of her software in her mind, what is not necessarily the case [13].…”

Section: Related Workmentioning

confidence: 99%

“…One conclusion that we drew from our security review is that it is necessary to create more formal architectural security views (see also Mancoridis' statement [13]). These views need to be language-and platform-independent in order to be a common language to communicate with security experts who are not necessarily experts for the programming language.…”

Section: Software-security Comprehensionmentioning

confidence: 99%

An Android Security Case Study with Bauhaus

Berger

Bunke

Sohr

2011

2011 18th Working Conference on Reverse Engineering

View full text Add to dashboard Cite

Abstract-Software security has made great progress; code analysis tools are widely-used in industry for detecting common implementation-level security bugs. However, given the fact that we must deal with legacy code we plead to employ the techniques long been developed in the research area of program comprehension for software security. In cooperation with a security expert, we carried out a case study with the mobile phone platform Android, and employed the reverse engineering tool-suite Bauhaus for this security assessment. During the investigation we found some inconsistencies in the implementation of the Android security concepts. Based on the lessons learned from the case study, we propose several research topics in the area of reverse engineering that would support a security analyst during security assessments.

show abstract

“…Static tools like FlawFinder exist to evaluate source code and dynamic tools are also available to highlight vulnerabilities in the run-time environment. Reviewing these results alongside standard testing procedures like white-box and black-box techniques help uncover and resolve code weaknesses (Mancoridis, 2008).…”

Section: Knowledge Gained and Artifacts Producedmentioning

confidence: 99%

Assimilating and Optimizing Software Assurance in the SDLC

Adeniji

Lee

2010

International Journal of Secure Software Engineering

View full text Add to dashboard Cite

Software Assurance is the planned and systematic set of activities that ensures software processes and products conform to requirements while standards and procedures in a manner that builds trusted systems and secure software. While absolute security may not yet be possible, procedures and practices exist to promote assurance in the software lifecycle. In this paper, the authors present a framework and step-wise approach towards achieving and optimizing assurance by infusing security knowledge, techniques, and methodologies into each phase of the Software Development Lifecycle (SDLC).

show abstract

Software analysis for security

Abstract: Abstract

Cited by 4 publications

References 30 publications

Mitigating Software Vulnerabilities through Secure Software Development with a Policy-Driven Waterfall Model

Mitigating Software Vulnerabilities through Secure Software Development with a Policy-Driven Waterfall Model

An Android Security Case Study with Bauhaus

Assimilating and Optimizing Software Assurance in the SDLC

Contact Info

Product

Resources

About