发布求助
文献互助 智能选刊 最新文献

International journal of secure software engineering最新文献

筛选
英文 中文
An Incremental B-Model for RBAC-Controlled Electronic Marking System rbac控制电子标记系统的增量b模型
International journal of secure software engineering Pub Date : 2016-04-01 DOI: 10.4018/IJSSE.2016040103
Nasser Al-Hadhrami, B. Aziz, L. B. Othmane
{"title":"An Incremental B-Model for RBAC-Controlled Electronic Marking System","authors":"Nasser Al-Hadhrami, B. Aziz, L. B. Othmane","doi":"10.4018/IJSSE.2016040103","DOIUrl":"https://doi.org/10.4018/IJSSE.2016040103","url":null,"abstract":"The incremental development of software through the addition of new features and the insertion of new access rules potentially renders the access control models inconsistent and creates security flaws. This paper proposes modeling Role Based Access Control RBAC models of these software using the B language and re-evaluating the consistency of the models following model changes. It shows the mechanism of formalizing RBAC policies of an Electronic Marking System EMS using B specifications and illustrates the verification of the consistency of the RBAC specification, using model checking and proof obligations. In addition, it shows how to address inconsistencies that result from incremental specification of system' architectures.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"222 1","pages":"37-64"},"PeriodicalIF":0.0,"publicationDate":"2016-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72683893","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Agile Threat Assessment and Mitigation: An Approach for Method Selection and Tailoring 敏捷威胁评估与缓解:一种方法选择与裁剪的方法
International journal of secure software engineering Pub Date : 2016-01-01 DOI: 10.4018/IJSSE.2016010101
C. Teichmann, Stephan Renatus, Jörn Eichler
{"title":"Agile Threat Assessment and Mitigation: An Approach for Method Selection and Tailoring","authors":"C. Teichmann, Stephan Renatus, Jörn Eichler","doi":"10.4018/IJSSE.2016010101","DOIUrl":"https://doi.org/10.4018/IJSSE.2016010101","url":null,"abstract":"Security engineering and agile development are often perceived as a clash of cultures. To address this clash, several approaches have been proposed that allow for agile security engineering. Unfortunately, agile development organizations differ in their actual procedures and environmental properties resulting in varying requirements. The authors propose an approach to compare and select methods for agile security engineering. Furthermore, their approach addresses adaptation or construction of a tailored method taking the existing development culture into account. The authors demonstrate the feasibility of their proposal and report early experiences from its application within a small development organization for digital solutions in the automotive domain.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"36 1","pages":"1-16"},"PeriodicalIF":0.0,"publicationDate":"2016-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86767124","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Evaluation of the Challenges of Developing Secure Software Using the Agile Approach 使用敏捷方法开发安全软件的挑战评估
International journal of secure software engineering Pub Date : 2016-01-01 DOI: 10.4018/IJSSE.2016010102
H. Oueslati, M. M. Rahman, L. B. Othmane, I. Ghani, Adila Firdaus Bt Arbain
{"title":"Evaluation of the Challenges of Developing Secure Software Using the Agile Approach","authors":"H. Oueslati, M. M. Rahman, L. B. Othmane, I. Ghani, Adila Firdaus Bt Arbain","doi":"10.4018/IJSSE.2016010102","DOIUrl":"https://doi.org/10.4018/IJSSE.2016010102","url":null,"abstract":"A set of challenges of developing secure software using the agile development approach and methods are reported in the literature. This paper reports about a systematic literature review to identify these challenges and evaluate the causes of each of these challenges, with respect to the agile values, the agile principles, and the security assurance practices. The authors identified in this study 20 challenges, which are reported in 28 publications. They found that 14 of these challenges are valid and 6 are neither caused by agile values and principles, nor by the security assurance practices. The authors also found that 2 of the valid challenges are related to the software development life-cycle, 4 are related to incremental development, 4 are related to security assurance, 2 are related to awareness and collaboration, and 2 are related to security management. These results justify the need for research to make developing secure software smooth.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"632 1","pages":"17-37"},"PeriodicalIF":0.0,"publicationDate":"2016-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76811307","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
An Introduction to Remote Installation Vulnerability in Content Management Systems 内容管理系统中的远程安装漏洞介绍
International journal of secure software engineering Pub Date : 2015-10-01 DOI: 10.4018/IJSSE.2015100103
M. Dadkhah, Shahaboddin Shamshirband
{"title":"An Introduction to Remote Installation Vulnerability in Content Management Systems","authors":"M. Dadkhah, Shahaboddin Shamshirband","doi":"10.4018/IJSSE.2015100103","DOIUrl":"https://doi.org/10.4018/IJSSE.2015100103","url":null,"abstract":"","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"53 1","pages":"52-63"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85086143","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Supporting Consistency during the Development and Evolution of Quality Unified Use-Misuse Case Models 在质量统一用例模型的开发和演化过程中支持一致性
International journal of secure software engineering Pub Date : 2015-10-01 DOI: 10.4018/IJSSE.2015100101
M. El-Attar
{"title":"Supporting Consistency during the Development and Evolution of Quality Unified Use-Misuse Case Models","authors":"M. El-Attar","doi":"10.4018/IJSSE.2015100101","DOIUrl":"https://doi.org/10.4018/IJSSE.2015100101","url":null,"abstract":"In the domain of scenario-based modeling, use case modeling has been extended several times to introduce security related concepts such as misuse, abuse, vulnerability and safeguarding. The most advanced model is the Unified Use-Misuse Case Model (UUMCM) (Arogundade et. al., 2011). A low quality UUMCM will not only cause the development of a system that does not meet its business requirements, but also a system that is insecure. This paper proposes an authoring structure that specifically designed to improve one particular quality attribute; structural consistency. Automation support has been developed for this structure. Two different approaches have been used to demonstrate the feasibility and application of the proposed structure. In both validation approaches, the results show that the structure can be used to ensure structural consistency in UUMCMs throughout their development and evolution.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"10 1","pages":"1-31"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91375922","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Expansion and Practical Implementation of the MFC Cybersecurity Model via a Novel Security Requirements Taxonomy 基于一种新的安全需求分类的MFC网络安全模型的扩展和实际实现
International journal of secure software engineering Pub Date : 2015-10-01 DOI: 10.4018/IJSSE.2015100102
N. Rjaibi, Latifa Ben Arfa Rabai
{"title":"Expansion and Practical Implementation of the MFC Cybersecurity Model via a Novel Security Requirements Taxonomy","authors":"N. Rjaibi, Latifa Ben Arfa Rabai","doi":"10.4018/IJSSE.2015100102","DOIUrl":"https://doi.org/10.4018/IJSSE.2015100102","url":null,"abstract":"In security risk management practices if we cannot measure, we can neither control nor improve. A challenging issue in the context of cyber security is to deal with the orthogonal classification of security requirements. A literature review has shown that there are different models of security requirements. Everyone examines some requirements and neglects others. In this paper, the authors intend to answer the question: what taxonomy of security requirements should we use in a security quantification process? It is thus imperative to build a standard, unified and hierarchical taxonomy which incorporates 13 security requirements and then refined in layer into 31 sub-factors referring to the variety of the proposed models based on previous works. The Mean Failure Cost model (MFC) is a recent, strong and structural risk management model. It is a cascade of linear models to quantify security threats in term of loss that results from system's vulnerabilities. It computes for each system's stakeholders his loss of operation ($/H) while taking account of its respective users, security requirements, system's components and the complete list of security threats. The proposed taxonomy is used to optimize quantification using the MFC metric by reducing the redundancy in estimating the security requirements values, and increasing accuracy in estimation. The authors applied the expansion of the MFC model to the context of e-learning platforms.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"510 1","pages":"32-51"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85629346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
An Alternative Threat Model-based Approach for Security Testing 一种基于威胁模型的安全测试方法
International journal of secure software engineering Pub Date : 2015-07-01 DOI: 10.4018/IJSSE.2015070103
B. Falah, Mohammed Akour, Samia Oukemeni
{"title":"An Alternative Threat Model-based Approach for Security Testing","authors":"B. Falah, Mohammed Akour, Samia Oukemeni","doi":"10.4018/IJSSE.2015070103","DOIUrl":"https://doi.org/10.4018/IJSSE.2015070103","url":null,"abstract":"In modern interaction, web applications has gained more and more popularity, which leads to a significate growth of exposure to malicious users and vulnerability attacks. This causes organizations and companies to lose valuable information and suffer from bad reputation. One of the effective mitigation practices is to perform security testing against the application before release it to the market. This solution won't protect web application 100% but it will test the application against malicious codes and reduce the high number of potential attacks on web application. One of known security testing approach is threat modeling, which provides an efficient technique to identify threats that can compromise system security. The authors proposed method, in this paper, focuses on improving the effectiveness of the categorization of threats by using Open 10 Web Application Security Project's OWASP that are the most critical web application security risks in generating threat trees in order to cover widely known security attacks.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"199 1","pages":"50-64"},"PeriodicalIF":0.0,"publicationDate":"2015-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84608754","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Method Using Command Abstraction Library for Iterative Testing Security of Web Applications 使用命令抽象库迭代测试Web应用程序安全性的方法
International journal of secure software engineering Pub Date : 2015-07-01 DOI: 10.4018/IJSSE.2015070102
S. Munetoh, Nobukazu Yoshioka
{"title":"Method Using Command Abstraction Library for Iterative Testing Security of Web Applications","authors":"S. Munetoh, Nobukazu Yoshioka","doi":"10.4018/IJSSE.2015070102","DOIUrl":"https://doi.org/10.4018/IJSSE.2015070102","url":null,"abstract":"A framework based on a scripting language is commonly used in Web application development, and high development efficiency is often achieved by applying several Agile development techniques. However, the adaptation of security assurance techniques to support Agile development is still underway, particularly from the developer's perspective. The authors have addressed this problem by developing an iterative security testing method that splits the security test target application into two parts on the basis of the code lifecycle, application logic \"active development code\" and framework \"used code\". For the former, detailed security testing is conducted using static analysis since it contains code that is changed during the iterative development process. For the latter, an abstraction library at the command granularity level is created and maintained. The library identifies the behavior of an application from the security assurance standpoint. This separation reduces the amount of code to be statically inspected and provides a mechanism for sharing security issues among application developers using the same Web application framework. Evaluation demonstrated that this method can detect various types of Web application vulnerabilities.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"33 1","pages":"26-49"},"PeriodicalIF":0.0,"publicationDate":"2015-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83536792","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Request and Response Analysis Framework for Mitigating Clickjacking Attacks 缓解点击劫持攻击的请求和响应分析框架
International journal of secure software engineering Pub Date : 2015-07-01 DOI: 10.4018/IJSSE.2015070101
H. Shahriar, Hisham M. Haddad, V. Devendran
{"title":"Request and Response Analysis Framework for Mitigating Clickjacking Attacks","authors":"H. Shahriar, Hisham M. Haddad, V. Devendran","doi":"10.4018/IJSSE.2015070101","DOIUrl":"https://doi.org/10.4018/IJSSE.2015070101","url":null,"abstract":"This paper addresses the detection of clickjacking attacks, which is an emerging web application security issue. The authors propose a web application request and response page analysis framework to detect clickjacking attacks. Their framework considers not only inspects visual features related to frame, JavaScript code pattern in details to match with known attack signatures. The proposed approach is able to detect advanced clickjacking attacks such as cursorjacking, double click, and history object-based attacks. The authors evaluate the proposed approach with a set of legitimate and malicious websites. The results indicate that their approach has low false positive and false negative rates. The overhead imposed by the proposed approach is negligible.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"20 1","pages":"1-25"},"PeriodicalIF":0.0,"publicationDate":"2015-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80218801","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 9
Using Attack Graphs to Analyze Social Engineering Threats 使用攻击图分析社会工程威胁
International journal of secure software engineering Pub Date : 2015-04-01 DOI: 10.4018/IJSSE.2015040103
Kristian Beckers, Leanid Krautsevich, A. Yautsiukhin
{"title":"Using Attack Graphs to Analyze Social Engineering Threats","authors":"Kristian Beckers, Leanid Krautsevich, A. Yautsiukhin","doi":"10.4018/IJSSE.2015040103","DOIUrl":"https://doi.org/10.4018/IJSSE.2015040103","url":null,"abstract":"The acquisition of information about computer systems by mostly non-technical means is called social engineering. Most critical systems are vulnerable to social threats, even when technical security is high. Social engineering is a technique that: i does not require any advanced technical tools, ii can be used by anyone, iii is cheap, iv almost impossible to eliminate completely. The integration of social engineering attackers with other attackers, such as software or network ones, is missing so far. Existing research focuses on classifying and analyzing social engineering attacks. The authors' contribution is to consider social engineering exploits together with technical vulnerabilities. The authors introduce a method for the integration of social engineering exploits into attack graphs and propose a simple quantitative analysis of the graphs that helps to develop a comprehensive defensive strategy.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"89 1","pages":"47-69"},"PeriodicalIF":0.0,"publicationDate":"2015-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89061757","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信