International journal of secure software engineering: latest articles

Risk Centric Activities in Secure Software Development in Public Organisations
International journal of secure software engineering Pub Date : 2017-10-01 DOI: 10.4018/IJSSE.2017100101
Inger Anne Tøndel, M. Jaatun, D. Cruzes, N. B. Moe
Abstract: When working with software security in a risk-centric way, development projects become equipped to make decisions on how much security to include and what type of security pays off. This article pr...
Pages: 1-30
Citations: 12
LDAP Vulnerability Detection in Web Applications
International journal of secure software engineering Pub Date : 2017-10-01 DOI: 10.4018/IJSSE.2017100102
H. Shahriar, Hisham M. Haddad, Pranahita Bulusu
Abstract: Lightweight Directory Access Protocol (LDAP) is commonly used in web applications to provide lookup information and enforce authentication. Web applications may suffer from LDAP injection vulnerabilities that can lead to security breaches such as login bypass and privilege escalation. This paper proposes OCL fault injection-based detection of LDAP injection attacks. The authors extract design-level information and constraints expressed in OCL and then randomly alter them to generate test cases that have the capability to uncover LDAP injection vulnerabilities. The authors proposed approaches to implement test case generation, and they used one open source PHP application and one custom application to evaluate the proposed approach. The analysis shows that this approach can detect LDAP injection vulnerabilities.
Keywords: Fault Injection, LDAP, LDAP Query Injection, Object Constraint Language (OCL)
Pages: 31-50
Citations: 0
Analysis of Existing Software Cognitive Complexity Measures
International journal of secure software engineering Pub Date : 2017-10-01 DOI: 10.4018/IJSSE.2017100103
S. Misra, A. Adewumi, Robertas Damaševičius, R. Maskeliūnas
Abstract: In order to maintain the quality of software, it is important to measure its complexity. This provides an insight into the degree of comprehensibility and maintainability of the software. Measurement can be carried out using cognitive measures which are based on cognitive informatics. A number of such measures have been proposed in literature. The goal of this article is to identify the features and advantages of the existing measures. In addition, a comparative analysis is done based on some selected criteria. The results show that there is a similar trend in the output obtained from the different measures when they are applied to different examples. This makes it easy for adopting organisations to readily choose from the options based on the availability of tool support.
Pages: 51-71
Citations: 2
Goal Modelling for Security Problem Matching and Pattern Enforcement
International journal of secure software engineering Pub Date : 2017-07-01 DOI: 10.4018/IJSSE.2017070103
Y. Yu, H. Kaiya, Nobukazu Yoshioka, Zhenjiang Hu, H. Washizaki, Yingfei Xiong, Amin Hosseinian Far
Abstract: This article describes how earlier detection of security problems and the implementation of solutions would be a cost-effective approach for developing secure software systems. Developing, gathering and sharing similar repeatable programming knowledge and solutions has led to the introduction of Patterns in the 90's. The same concept has been adopted to realise reoccurring security knowledge and hence security patterns. Detecting a security problem using the patterns in requirements models may lead to its early prevention. In this article, the authors have provided an overview of security patterns in the past two decades, followed by a summary of i*/Tropos goal modelling framework. Section 2 outlines model-driven development, meta-models and model transformation, within the context of requirements engineering. They have summarised security access control types, and formally described role-based access control (RBAC) in particular as a pattern that may occur in the stakeholder requirements models. Then the authors used the i* modelling language and some elements from its constructs - model-driven queries and transformations - to describe the pattern enforcement. This is applied to a number of requirements models within the literature, and the pattern-based transformation tool they designed has automated the detection and resolution of this security pattern in several goal-oriented stakeholder requirements. Finally, the article also reflects on a variety of existing applications and future work.
Pages: 42-57
Citations: 4
A Database of Existing Vulnerabilities to Enable Controlled Testing Studies
International journal of secure software engineering Pub Date : 2017-07-01 DOI: 10.4018/IJSSE.2017070101
Sofia Reis, Rui Abreu
Pages: 1-23
Citations: 2
Self-Modifying Code: A Provable Technique for Enhancing Program Obfuscation
International journal of secure software engineering Pub Date : 2017-07-01 DOI: 10.4018/IJSSE.2017070102
C. Behera, D. Bhaskari
Pages: 24-41
Citations: 2
Designing Secure and Privacy-Aware Information Systems
International journal of secure software engineering Pub Date : 2017-04-01 DOI: 10.4018/IJSSE.2017040101
Christos Kalloniatis, Argyri Pattakou, E. Kavakli, S. Gritzalis
Abstract: Pervasiveness of information systems is well underway, redefining our social and economic relationships. This technological revolution has generated enormous capabilities, but also enabled the creation of new vulnerabilities and threats. A major challenge in the field of information systems is therefore to ensure the trustworthiness of the underlying technologies that make possible the generation, collection, storage, processing and transmission of user data at rates more intensive than ever before. Trust in information systems depends on different aspects, one of which is the security of user's data. Data security is referred to as the protection of user's data from corruption and unauthorized access. Another important aspect of trust is the protection of user's privacy. Protecting privacy is about complying with user's desires when it comes to handling personal information. Without security to guarantee data protection, appropriate uses of that data cannot be realized. This implies that security and privacy issues are inherently intertwined and should be viewed synergistically. The aim of this paper is to elevate modern practices for ensuring security and privacy during software systems analysis and design. To this end, the basic security and privacy requirements that should be considered are introduced. Additionally, a number of well known methods in the research area of requirements engineering which focus on eliciting and modeling security and privacy requirements are described. Finally, a comparative analysis between these methods is presented.
Pages: 1-25
Citations: 2
Design Patterns and Design Quality: Theoretical Analysis, Empirical Study, and User Experience
International journal of secure software engineering Pub Date : 2017-04-01 DOI: 10.4018/IJSSE.2017040103
Liguo Yu, Yingmei Li, S. Ramaswamy
Pages: 53-81
Citations: 0
Introducing a Novel Security-Enhanced Agile Software Development Process
International journal of secure software engineering Pub Date : 2017-04-01 DOI: 10.4018/IJSSE.2017040102
Martin Boldt, A. Jacobsson, D. Baca, B. Carlsson
Abstract: In this paper, a novel security-enhanced agile software development process, SEAP, is introduced. It has been designed, tested, and implemented at Ericsson AB, specifically in the development of a ...
Pages: 26-52
Citations: 1
Case Study of Agile Security Engineering: Building Identity Management for a Government Agency
International journal of secure software engineering Pub Date : 2017-01-01 DOI: 10.4018/IJSSE.2017010103
Kalle Rindell, S. Hyrynsalmi, V. Leppänen
Abstract: Security concerns are increasingly guiding both the design and processes of software-intensive product development. In certain environments, the development of the product requires special security arrangements for development processes, product release, maintenance and hosting, and specific security-oriented processes and governance. Integrating the security engineering processes into agile development methods can have the effect of mitigating the agile methods' intended benefits. This article describes a case of a large ICT service provider building a secure identity management system for a sizable government agency. The project was subject to strict security regulations due to the end product's critical role. The project was a multi-team, multi-site, standard-regulated security engineering and development work executed following the Scrum framework. The study reports the difficulties in combining security engineering with agile development, and provides propositions to enhance Scrum for security engineering activities. Also, an evaluation of the effects of the security work on project cost is presented.
Pages: 43-57
Citations: 5