International Journal of Secure Software Engineering: Latest Articles
Jif-Based Verification of Information Flow Policies for Android Apps
International Journal of Secure Software Engineering, Pub Date: 2017-01-01, DOI: 10.4018/IJSSE.2017010102 (https://doi.org/10.4018/IJSSE.2017010102)
Authors: Lina M. Jimenez, Martín Ochoa, S. Rueda
Abstract: Android stores and users need mechanisms to evaluate whether their applications are secure or not. Although various previous works use data and control flow techniques to evaluate security features of Android applications, this paper extends those works by using Jif to verify compliance of information flow policies. To do so, the authors addressed some challenges that emerge in Android environments, like automatizing generation of Jif labels for Android applications, and defining translations for Java instructions that are not currently supported by the Jif compiler. Results show that a Jif-based analysis is faster and has a better recall than other available mechanisms, but it also has a slightly lower precision. Jif also provides an open source compiler, generates executable code for an application only if such application meets a defined policy, and checks implicit flows which may be relevant for highly sensitive applications.
Pages: 28-42
Citations: 1
A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams
International Journal of Secure Software Engineering, Pub Date: 2017-01-01, DOI: 10.4018/IJSSE.2017010101 (https://doi.org/10.4018/IJSSE.2017010101)
Authors: Tosin Daniel Oyetoyan, M. Jaatun, D. Cruzes
Abstract: Although most organizations understand the need for application security at an abstract level, achieving adequate software security at the sharp end requires taking bold steps to address security practices within the organization. In the Agile software development world, a security engineering process is unacceptable if it is perceived to run counter to the agile values, and agile teams have thus approached software security activities in their own way. To improve security within agile settings requires that management understands the current practices of software security activities within their agile teams. In this study, the authors have used a survey instrument to investigate software security usage, competence, and training needs in two agile organizations. They find that (1) the two organizations perform differently in terms of core software security activities, but are similar when secondary activities that could be leveraged for security are considered; (2) regardless of cost or benefit, skill drives the kind of activities that are performed; (3) secure design is expressed as the most important training need by all groups in both organizations; (4) effective software security adoption in an agile setting is not automatic; it requires a driver.
Pages: 1-27
Citations: 9
Where to Integrate Security Practices on DevOps Platform
International Journal of Secure Software Engineering, Pub Date: 2016-10-01, DOI: 10.4018/IJSSE.2016100103 (https://doi.org/10.4018/IJSSE.2016100103)
Authors: Hasan Yasar, Kiriakos Kontostathis
Abstract: "Software security" often evokes negative feelings amongst software developers because this term is associated with additional programming effort, uncertainty and road blocker activity on rapid development and release cycles. The Secure DevOps movement attempts to combat the toxic environment surrounding software security by shifting the paradigm from following rules and guidelines to creatively determining solutions for tough security problems (Taschner, 2015). Secure software should be focused on a proactive approach that limits the attack surface and produces reliable software. Secure DevOps developers want their software to bend but not break, which means the software absorbs attacks and continues to function. The burgeoning concepts of DevOps include a number of concepts that can be applied to increase the security of developed applications. Applying these and other DevOps principles can have a big impact on creating an environment that is resilient and secure. Specifically, this paper clearly explains how to address security concerns in the early stages of the development lifecycle and leverage that knowledge throughout the SDLC.
Pages: 39-50
Citations: 21
Survey of Vulnerabilities and Mitigation Techniques for MOOC-Based Applications
International Journal of Secure Software Engineering, Pub Date: 2016-10-01, DOI: 10.4018/IJSSE.2016100101 (https://doi.org/10.4018/IJSSE.2016100101)
Authors: H. Shahriar, Hisham M. Haddad, David Lebron, Rubana Yasmin Lupu
Abstract: Massive Open Online Courses (MOOCs) are commonly hosted as web servers for learners worldwide to access education and learning materials at low cost. Many of the well-known MOOCs have adopted open source software and database technologies and frequently operate within cloud environments. It is likely that the well-known software security vulnerabilities may manifest in MOOC-based applications. Unfortunately, few studies have identified a set of common vulnerabilities applicable to MOOC-based applications. This paper presents an exploratory study of potential security vulnerabilities and challenges for MOOC platforms, and it provides some guidelines and suggestions to mitigate these concerns. This study helps practitioners, educators, and developers to adopt MOOC applications while considering potential vulnerabilities and be prepared to deal with these risks.
Pages: 1-18
Citations: 1
Vulnerability Discovery Modeling for Open and Closed Source Software
International Journal of Secure Software Engineering, Pub Date: 2016-10-01, DOI: 10.4018/IJSSE.2016100102 (https://doi.org/10.4018/IJSSE.2016100102)
Authors: Ruchi Sharma, R. Sibal, A. Shrivastava
Abstract: With growing concern for security, researchers began with the quantitative modeling of vulnerabilities, termed vulnerability discovery models (VDM). These models aim at finding the trend of vulnerability discovery with time and facilitate the developers in patch management, optimal resource allocation and assessing associated security risks. Among the existing models for vulnerability discovery, the Alhazmi-Malaiya Logistic Model (AML) is considered the best fitted model on all kinds of datasets. But each of the existing models has a predefined basic shape and can only fit datasets following their basic shapes. Thus, the shape of the dataset forms the decisive parameter for model selection. In this paper, the authors have proposed a new model to capture a wide variety of datasets irrespective of their shape, accounting for better goodness of fit. The proposed model has been evaluated on three real life datasets each for open and closed source software, and the models are ranked based on their suitability to discover vulnerabilities using the normalized criteria distance (NCD) technique.
Pages: 19-38
Citations: 8
Migration Goals and Risk Management in Cloud Computing: A Review of State of the Art and Survey Results on Practitioners
International Journal of Secure Software Engineering, Pub Date: 2016-07-01, DOI: 10.4018/IJSSE.2016070103 (https://doi.org/10.4018/IJSSE.2016070103)
Authors: Shareeful Islam, Stefan Fenz, E. Weippl, Christos Kalloniatis
Abstract: Organizations are now seriously considering adopting cloud into the existing business context, but migrating data, applications and services into the cloud doesn't come without substantial risks. These risks are the significant barriers to wider cloud adoption. There are works that consolidate the existing work on cloud migration and technology. However, there is no secondary study that consolidates the state of the art research and existing practice on risk management in cloud computing. This makes it difficult to understand the risk management trend, maturity, and research gaps. This paper investigates the state of the art research and practices relating to risk management in cloud computing and discusses survey results on migration goals and risks. The survey participants are practitioners from both public and private organizations of two different locations, i.e., UK and Malaysia. The authors identify and classify the relevant literature and systematically compare the existing works and survey results. The results show that most of the existing works do not consider the existing organization and business context for the risk assessment. The authors' study results also reveal that risk management in cloud computing research and practice is still not in a mature stage but gradually advancing. Finally, they propose a risk assessment approach and determine the relative importance of the migration goals from two real migration use cases.
Pages: 44-73
Citations: 10
Towards Ontological Approach to Security Risk Analysis of Information System: Model and Architecture
International Journal of Secure Software Engineering, Pub Date: 2016-07-01, DOI: 10.4018/IJSSE.2016070101 (https://doi.org/10.4018/IJSSE.2016070101)
Authors: O. Arogundade, O. Adeniran, Zhi Jin, Xiaoguang Yang
Abstract: Resource allocation decisions can be enhanced by performing risk assessment during the early development phase. In order to improve and maintain the security of the Information System (IS), there is a need to build a risk analysis model that can dynamically analyze threat data collected during the operational lifetime of the IS. In this paper the authors propose an ontological approach to accomplishing this goal. They present an analyzer model and architecture, an agent-based risk analysis system (ARAS), which gathers identified threat events, probes them and correlates them using ontologies. It explores both quantitative and qualitative risk analysis techniques using real event data for probability predictions of threats based on an existing designed security ontology. To validate the feasibility of the approach, a case study on an e-banking system has been conducted. Simulated IDS output serves as input into the risk analysis system. The authors used JADE to implement the agents, Protégé OWL to create the ontology and Oracle 11g SQL Developer for the database. Optimistic results were obtained.
Pages: 1-25
Citations: 0
An Exploratory Study of the Security Design Pattern Landscape and their Classification
International Journal of Secure Software Engineering, Pub Date: 2016-07-01, DOI: 10.4018/IJSSE.2016070102 (https://doi.org/10.4018/IJSSE.2016070102)
Authors: Poonam Ponde, S. Shirwaikar
Abstract: Security is a critical part of information systems and must be integrated into every aspect of the system. It requires a lot of expertise to design and implement secure systems due to the broad coverage of security issues and threats. A good system design is based on sound software engineering principles which leverage proven best practices in the form of standard guidelines and design patterns. A design pattern represents a reusable solution to a recurring problem in a specific context. The current security design pattern landscape contains several patterns, pattern catalogs and pattern classification schemes. To apply appropriate patterns for a specific problem context, a deeper understanding of this domain is essential. A survey of patterns and their classification schemes will aid in understanding pattern coverage and identifying gaps. In this paper, the authors have presented a detailed exploratory study of the security design pattern landscape. Based on their study, the authors have identified shortcomings and presented future research directions.
Pages: 26-43
Citations: 5
The Case for Privacy Awareness Requirements
International Journal of Secure Software Engineering, Pub Date: 2016-04-01, DOI: 10.4018/IJSSE.2016040102 (https://doi.org/10.4018/IJSSE.2016040102)
Authors: Inah Omoronyia
Abstract: Privacy awareness is a core determinant of the success or failure of privacy infrastructures: if systems and users are not aware of potential privacy concerns, they cannot effectively discover, use or judge the effectiveness of privacy management capabilities. Yet, privacy awareness is only implicitly described or implemented during the privacy engineering of software systems. In this paper, the author advocates a systematic approach to considering privacy awareness. He characterizes privacy awareness and illustrates its benefits to preserving privacy in a smart mobile environment. The author proposes privacy awareness requirements to anchor the consideration of privacy awareness needs of software systems. Based on these needs, an initial process framework for the identification of privacy awareness issues is proposed. He also argues that a systematic route to privacy awareness necessitates the investigation of an appropriate representation language, analysis mechanisms and understanding the socio-technical factors that impact the manner in which we regulate our privacy.
Pages: 19-36
Citations: 7
Fuzzy Rule-Based Vulnerability Assessment Framework for Web Applications
International Journal of Secure Software Engineering, Pub Date: 2016-04-01, DOI: 10.4018/IJSSE.2016040101 (https://doi.org/10.4018/IJSSE.2016040101)
Authors: H. Shahriar, Hisham M. Haddad
Abstract: This paper addresses the problem of assessing risk in web applications due to implementation level vulnerabilities. In particular, the authors address the common research challenge of finding enough historical data to compute the probability of vulnerabilities and exploitations. They develop a Fuzzy Logic based System (FLS) to compute the risk uniformly and to address the diversity of risks. The authors propose a set of crisp metrics that are used to define fuzzy sets. They also develop a set of rule-bases to assess the risk level. The proposed FLS can be a useful tool to aid application developers and industry practitioners to assess the risk and plan ahead for employing necessary mitigation approaches. The authors evaluate their proposed approach using three real-world web applications implemented in PHP, and apply it to four types of common vulnerabilities. The initial results indicate that the proposed FLS approach can effectively discover high risk applications.
Pages: 1-18
Citations: 3