评估和提取SOFL形式化规范中的软件安全漏洞

2018 International Conference on Electronics, Information, and Communication (ICEIC) Pub Date : 1900-01-01 DOI:10.23919/ELINFOCOM.2018.8330613

Busalire Onesmus Emeka, Shaoying Liu

{"title":"评估和提取SOFL形式化规范中的软件安全漏洞","authors":"Busalire Onesmus Emeka, Shaoying Liu","doi":"10.23919/ELINFOCOM.2018.8330613","DOIUrl":null,"url":null,"abstract":"The growth of the internet has brought along positive gains such as the emergence of a highly interconnected world. However, on the flip side, there has been a growing concern on how secure distributed systems can be built effectively and tested for security vulnerabilities prior to deployment. Developing a secure software product calls for a deep technical understanding of some complex issues with regards to the software and its operating environment, as well as embracing a systematic approach of analyzing the software. This paper proposes a method for identifying software security vulnerabilities from software requirement specifications written in Structured Object-oriented Formal Language (SOFL). Our proposed methodology leverages on the concept of providing an early focus on security by identifying potential security vulnerabilities at the requirement analysis and verification phase of the software development life cycle.","PeriodicalId":413646,"journal":{"name":"2018 International Conference on Electronics, Information, and Communication (ICEIC)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Assessing and extracting software security vulnerabilities in SOFL formal specifications\",\"authors\":\"Busalire Onesmus Emeka, Shaoying Liu\",\"doi\":\"10.23919/ELINFOCOM.2018.8330613\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The growth of the internet has brought along positive gains such as the emergence of a highly interconnected world. However, on the flip side, there has been a growing concern on how secure distributed systems can be built effectively and tested for security vulnerabilities prior to deployment. Developing a secure software product calls for a deep technical understanding of some complex issues with regards to the software and its operating environment, as well as embracing a systematic approach of analyzing the software. This paper proposes a method for identifying software security vulnerabilities from software requirement specifications written in Structured Object-oriented Formal Language (SOFL). Our proposed methodology leverages on the concept of providing an early focus on security by identifying potential security vulnerabilities at the requirement analysis and verification phase of the software development life cycle.\",\"PeriodicalId\":413646,\"journal\":{\"name\":\"2018 International Conference on Electronics, Information, and Communication (ICEIC)\",\"volume\":\"44 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 International Conference on Electronics, Information, and Communication (ICEIC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23919/ELINFOCOM.2018.8330613\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on Electronics, Information, and Communication (ICEIC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/ELINFOCOM.2018.8330613","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

互联网的发展带来了积极的成果，例如一个高度互联的世界的出现。然而，另一方面，人们越来越关注如何有效地构建安全的分布式系统，并在部署之前测试安全漏洞。开发安全的软件产品需要对软件及其操作环境的一些复杂问题有深刻的技术理解，并采用系统的方法分析软件。本文提出了一种从结构化面向对象形式语言(SOFL)编写的软件需求说明书中识别软件安全漏洞的方法。我们提出的方法利用了通过在软件开发生命周期的需求分析和验证阶段识别潜在的安全漏洞来提供早期关注安全性的概念。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Assessing and extracting software security vulnerabilities in SOFL formal specifications

The growth of the internet has brought along positive gains such as the emergence of a highly interconnected world. However, on the flip side, there has been a growing concern on how secure distributed systems can be built effectively and tested for security vulnerabilities prior to deployment. Developing a secure software product calls for a deep technical understanding of some complex issues with regards to the software and its operating environment, as well as embracing a systematic approach of analyzing the software. This paper proposes a method for identifying software security vulnerabilities from software requirement specifications written in Structured Object-oriented Formal Language (SOFL). Our proposed methodology leverages on the concept of providing an early focus on security by identifying potential security vulnerabilities at the requirement analysis and verification phase of the software development life cycle.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 International Conference on Electronics, Information, and Communication (ICEIC)

自引率

0.00%

发文量