How to tackle security issues in large existing/legacy systems while maintaining development priorities

2008 IEEE Conference on Technologies for Homeland Security Pub Date : 2008-05-12 DOI:10.1109/THS.2008.4534443

D. Campara, N. Mansourov

{"title":"How to tackle security issues in large existing/legacy systems while maintaining development priorities","authors":"D. Campara, N. Mansourov","doi":"10.1109/THS.2008.4534443","DOIUrl":null,"url":null,"abstract":"Legacy software systems represent a large base of software assets that hold significant corporate intellectual properties, along with carrying large opportunity costs and operational risks. There is a growing need to prolong their lifespan through maintenance efforts and enhance them to accommodate new and changing market requirements and governmental regulations. The majority of these systems were developed at a time when security requirements were more relaxed and not well understood, and at a time when being netted did not have the same consequences as exist today. There is a real need for retrofitting security into legacy software systems so they can operate in the current environments. However, over time, as legacy systems became larger and more complex, their design structure eroded which hinders system comprehension, compromises architectural integrity and decreases maintenance productivity. This makes the task of retrofitting security difficult and risky. Since legacy systems are a large part of our nations' critical infrastructure we must retrofit-in security in such way that the level of confidence related to security is substantially increased. This paper will discuss a standards based approach to achieving this goal.","PeriodicalId":366416,"journal":{"name":"2008 IEEE Conference on Technologies for Homeland Security","volume":"14 2","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-05-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 IEEE Conference on Technologies for Homeland Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/THS.2008.4534443","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Legacy software systems represent a large base of software assets that hold significant corporate intellectual properties, along with carrying large opportunity costs and operational risks. There is a growing need to prolong their lifespan through maintenance efforts and enhance them to accommodate new and changing market requirements and governmental regulations. The majority of these systems were developed at a time when security requirements were more relaxed and not well understood, and at a time when being netted did not have the same consequences as exist today. There is a real need for retrofitting security into legacy software systems so they can operate in the current environments. However, over time, as legacy systems became larger and more complex, their design structure eroded which hinders system comprehension, compromises architectural integrity and decreases maintenance productivity. This makes the task of retrofitting security difficult and risky. Since legacy systems are a large part of our nations' critical infrastructure we must retrofit-in security in such way that the level of confidence related to security is substantially increased. This paper will discuss a standards based approach to achieving this goal.

查看原文本刊更多论文

如何在保持开发优先级的同时解决大型现有/遗留系统中的安全问题

遗留软件系统代表了大量的软件资产基础，这些资产拥有重要的公司知识产权，同时还带有大量的机会成本和操作风险。越来越需要通过维护工作来延长它们的使用寿命，并增强它们以适应新的和不断变化的市场需求和政府法规。这些系统中的大多数都是在安全需求较为宽松且未被很好地理解的时候开发的，并且在被网络覆盖的时候不会产生与今天相同的后果。我们确实需要对遗留软件系统进行安全改造，以便它们能够在当前环境中运行。然而，随着时间的推移，随着遗留系统变得更大、更复杂，它们的设计结构受到侵蚀，从而阻碍了系统的理解，损害了体系结构的完整性，降低了维护效率。这使得改进安全性的任务变得困难和危险。由于遗留系统是我们国家关键基础设施的很大一部分，我们必须对安全进行改造，从而大大提高与安全有关的信心水平。本文将讨论一种基于标准的方法来实现这一目标。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2008 IEEE Conference on Technologies for Homeland Security

自引率

0.00%

发文量