How can the developer benefit from security modeling?

The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI:10.1109/ARES.2007.96

Shanai Ardi, David Byers, P. H. Meland, Inger Anne Tøndel, N. Shahmehri

{"title":"How can the developer benefit from security modeling?","authors":"Shanai Ardi, David Byers, P. H. Meland, Inger Anne Tøndel, N. Shahmehri","doi":"10.1109/ARES.2007.96","DOIUrl":null,"url":null,"abstract":"Security has become a necessary part of nearly every software development project, as the overall risk from malicious users is constantly increasing, due to increased consequences of failure, security threats and exposure to threats. There are few projects today where software security can be ignored. Despite this, security is still rarely taken into account throughout the entire software lifecycle; security is often an afterthought, bolted on late in development, with little thought to what threats and exposures exist. Little thought is given to maintaining security in the face of evolving threats and exposures. Software developers are usually not security experts. However, there are methods and tools available today that can help developers build more secure software. Security modeling, modeling of e.g., threats and vulnerabilities, is one such method that, when integrated in the software development process, can help developers prevent security problems in software. We discuss these issues, and present how modeling tools, vulnerability repositories and development tools can be connected to provide support for secure software development","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"447 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"The Second International Conference on Availability, Reliability and Security (ARES'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2007.96","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 26

Abstract

Security has become a necessary part of nearly every software development project, as the overall risk from malicious users is constantly increasing, due to increased consequences of failure, security threats and exposure to threats. There are few projects today where software security can be ignored. Despite this, security is still rarely taken into account throughout the entire software lifecycle; security is often an afterthought, bolted on late in development, with little thought to what threats and exposures exist. Little thought is given to maintaining security in the face of evolving threats and exposures. Software developers are usually not security experts. However, there are methods and tools available today that can help developers build more secure software. Security modeling, modeling of e.g., threats and vulnerabilities, is one such method that, when integrated in the software development process, can help developers prevent security problems in software. We discuss these issues, and present how modeling tools, vulnerability repositories and development tools can be connected to provide support for secure software development

查看原文本刊更多论文

开发人员如何从安全建模中获益?

由于故障、安全威胁和暴露于威胁的后果不断增加，恶意用户带来的整体风险不断增加，安全性已成为几乎每个软件开发项目的必要组成部分。如今很少有项目可以忽略软件安全性。尽管如此，在整个软件生命周期中，安全性仍然很少被考虑;安全性通常是事后才想到的，在开发后期才考虑，很少考虑存在哪些威胁和暴露。面对不断变化的威胁和暴露，人们很少考虑维护安全。软件开发人员通常不是安全专家。然而，现在有一些方法和工具可以帮助开发人员构建更安全的软件。安全建模，例如威胁和漏洞的建模，就是这样一种方法，当集成到软件开发过程中时，可以帮助开发人员防止软件中的安全问题。我们将讨论这些问题，并介绍如何将建模工具、漏洞存储库和开发工具连接起来，为安全软件开发提供支持

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

The Second International Conference on Availability, Reliability and Security (ARES'07)

自引率

0.00%

发文量