Assessing of software security reliability: Dimensional security assurance techniques

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2024-11-26 DOI:10.1016/j.cose.2024.104230

Mohammad Ali, Ahsan Ullah, Md. Rashedul Islam, Rifat Hossain

{"title":"Assessing of software security reliability: Dimensional security assurance techniques","authors":"Mohammad Ali, Ahsan Ullah, Md. Rashedul Islam, Rifat Hossain","doi":"10.1016/j.cose.2024.104230","DOIUrl":null,"url":null,"abstract":"<div><div>Security plays a crucial role in ensuring the reliability of software systems, making a secure and dependable security framework vital for safeguarding software integrity. However, evaluating the dynamic and multifaceted aspects of security presents significant challenges, as various security metrics and factors complicate the assessment of reliability. This study advances the core concepts of software security through the application of security assurance techniques, including vulnerability scanning, code review, penetration testing, threat assessment, control evaluation, mitigation, risk assessment, and configuration review. In the context of the Software Security Reliability Model (SSRM), a framework was developed to enhance software security assurance across different stages. A comprehensive systematic literature review was conducted to identify security challenges, and the STRIDE and DREAD methodologies were applied to model security threats effectively. Additionally, a mathematical CVSS scoring method was utilized for risk assessment. The synthesis of diverse security methods, tools, attack patterns, and systems was analyzed, identifying 15 critical software security terms: authentication, authorization, encryption, access control, network security, application security, data security, incident response, compliance, threat intelligence, privacy protection, third-party risk, cloud security, endpoint security, and identity management. The findings highlight these terms as key contributors to improving software security reliability.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104230"},"PeriodicalIF":4.8000,"publicationDate":"2024-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824005364","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Security plays a crucial role in ensuring the reliability of software systems, making a secure and dependable security framework vital for safeguarding software integrity. However, evaluating the dynamic and multifaceted aspects of security presents significant challenges, as various security metrics and factors complicate the assessment of reliability. This study advances the core concepts of software security through the application of security assurance techniques, including vulnerability scanning, code review, penetration testing, threat assessment, control evaluation, mitigation, risk assessment, and configuration review. In the context of the Software Security Reliability Model (SSRM), a framework was developed to enhance software security assurance across different stages. A comprehensive systematic literature review was conducted to identify security challenges, and the STRIDE and DREAD methodologies were applied to model security threats effectively. Additionally, a mathematical CVSS scoring method was utilized for risk assessment. The synthesis of diverse security methods, tools, attack patterns, and systems was analyzed, identifying 15 critical software security terms: authentication, authorization, encryption, access control, network security, application security, data security, incident response, compliance, threat intelligence, privacy protection, third-party risk, cloud security, endpoint security, and identity management. The findings highlight these terms as key contributors to improving software security reliability.

查看原文本刊更多论文

软件安全可靠性评估：维度安全保证技术

安全性在保证软件系统的可靠性方面起着至关重要的作用，一个安全可靠的安全框架对于保障软件的完整性至关重要。然而，评估安全性的动态和多方面方面提出了重大挑战，因为各种安全度量和因素使可靠性评估复杂化。本研究通过应用安全保障技术，包括漏洞扫描、代码审查、渗透测试、威胁评估、控制评估、缓解、风险评估和配置审查，提出了软件安全的核心概念。在软件安全可靠性模型（SSRM）的背景下，开发了一个框架来增强不同阶段的软件安全保障。进行了全面系统的文献综述，以确定安全挑战，并应用STRIDE和DREAD方法有效地建模安全威胁。此外，采用数学CVSS评分方法进行风险评估。分析了各种安全方法、工具、攻击模式和系统的综合，确定了15个关键的软件安全术语：身份验证、授权、加密、访问控制、网络安全、应用程序安全、数据安全、事件响应、合规性、威胁情报、隐私保护、第三方风险、云安全、端点安全和身份管理。研究结果强调这些术语是提高软件安全可靠性的关键因素。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.