ASASI: An Environment for Addressing Software Application Security Issues

2006 International Conference on Systems and Networks Communications (ICSNC'06) Pub Date : 2006-10-29 DOI:10.1109/ICSNC.2006.23

Mehrez Essafi, L. L. Jilani, H. Ghézala

{"title":"ASASI: An Environment for Addressing Software Application Security Issues","authors":"Mehrez Essafi, L. L. Jilani, H. Ghézala","doi":"10.1109/ICSNC.2006.23","DOIUrl":null,"url":null,"abstract":"Security is an emergent property of a software system. Several efforts are undertaken, to improve software security. However, developers still miss or misuse acquired knowledge. This is mainly due to domain immaturity, newness of the field, process complexity and absence of environments supporting such development. This paper presents our environment denoted ASASI for Addressing Software Application Security Issues. The main feature of the proposed environment is that it is based on a strategy oriented process model that provides a two level guidance. The first level guidance is strategic helping developers choosing one among compilations of the existing methods, standards and best practices. The second level guidance is tactical helping developers achieving their selection for producing secure software. The supported process model is easily extensible and allows building customized processes adapted to context, developer¿s finalities and product state. This flexibility allows the environment evolving through time to support new security requirements. Keywords-environment;","PeriodicalId":217322,"journal":{"name":"2006 International Conference on Systems and Networks Communications (ICSNC'06)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 International Conference on Systems and Networks Communications (ICSNC'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSNC.2006.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Security is an emergent property of a software system. Several efforts are undertaken, to improve software security. However, developers still miss or misuse acquired knowledge. This is mainly due to domain immaturity, newness of the field, process complexity and absence of environments supporting such development. This paper presents our environment denoted ASASI for Addressing Software Application Security Issues. The main feature of the proposed environment is that it is based on a strategy oriented process model that provides a two level guidance. The first level guidance is strategic helping developers choosing one among compilations of the existing methods, standards and best practices. The second level guidance is tactical helping developers achieving their selection for producing secure software. The supported process model is easily extensible and allows building customized processes adapted to context, developer¿s finalities and product state. This flexibility allows the environment evolving through time to support new security requirements. Keywords-environment;

查看原文本刊更多论文

ASASI:解决软件应用程序安全问题的环境

安全性是软件系统的一个紧急属性。为了提高软件的安全性，采取了一些措施。然而，开发人员仍然会错过或误用获得的知识。这主要是由于领域不成熟、领域的新颖性、过程复杂性和缺乏支持这种开发的环境。本文介绍了用于解决软件应用程序安全问题的ASASI环境。所建议的环境的主要特征是它基于一个面向策略的流程模型，该模型提供了两级指导。第一级指导是战略性的，帮助开发人员在现有方法、标准和最佳实践的汇编中选择一个。第二级指导是战术上的，帮助开发人员实现他们对生产安全软件的选择。所支持的流程模型易于扩展，并允许构建适应上下文、开发人员的最终结果和产品状态的自定义流程。这种灵活性允许环境随着时间的推移而发展，以支持新的安全需求。Keywords-environment;

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2006 International Conference on Systems and Networks Communications (ICSNC'06)

自引率

0.00%

发文量