一个具有可见性、跟踪、监控和意识的建筑安全协作平台。

H. Herath, G. Wimalaratne
{"title":"一个具有可见性、跟踪、监控和意识的建筑安全协作平台。","authors":"H. Herath, G. Wimalaratne","doi":"10.17706/IJCCE.2018.7.4.145-166","DOIUrl":null,"url":null,"abstract":"Software developed referring to a poor design often causes the introduction of security issues which could spread into other phases of the Software Development Life Cycle if not address in the initial stages. This could lead to major security breaches and loss of valuable assets to the consumers. Identifying and fixing security issues as early as possible in a software product is the most cost-effective way of implementing software security. This research proposes a proactive approach to build security into the product itself with the aid of a new tool developed as a proof of concept. The proposed semi-automatic tool will address limitations in current approaches to secure software engineering when developing a software product by providing visibility, tracking, awareness, and progress monitoring. Additionally Developers, Architects, QA, BA, and Management, as well as the Users, can participate in the Threat Modeling and architectural security analysis contributing their input for Security Engineering with the support provided by the tool as an interactive platform, a knowledge base and as an integration platform. The Microsoft Threat Modeling Tool is being used to generate the threat models. The tool extracts threat model information and produces detailed mitigations using known vulnerability databases and classification techniques. Developers can better understand the potential threats, vulnerabilities when coding and integration functionality with a Project Management Tool can provide visibility and tracking of Building Security In throughout SDLC.","PeriodicalId":23787,"journal":{"name":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","volume":"29 1","pages":"145-166"},"PeriodicalIF":0.0000,"publicationDate":"2018-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Collaborative Platform Featuring Visibility, Tracking, Monitoring and Awareness for Building Security In.\",\"authors\":\"H. Herath, G. Wimalaratne\",\"doi\":\"10.17706/IJCCE.2018.7.4.145-166\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software developed referring to a poor design often causes the introduction of security issues which could spread into other phases of the Software Development Life Cycle if not address in the initial stages. This could lead to major security breaches and loss of valuable assets to the consumers. Identifying and fixing security issues as early as possible in a software product is the most cost-effective way of implementing software security. This research proposes a proactive approach to build security into the product itself with the aid of a new tool developed as a proof of concept. The proposed semi-automatic tool will address limitations in current approaches to secure software engineering when developing a software product by providing visibility, tracking, awareness, and progress monitoring. Additionally Developers, Architects, QA, BA, and Management, as well as the Users, can participate in the Threat Modeling and architectural security analysis contributing their input for Security Engineering with the support provided by the tool as an interactive platform, a knowledge base and as an integration platform. The Microsoft Threat Modeling Tool is being used to generate the threat models. The tool extracts threat model information and produces detailed mitigations using known vulnerability databases and classification techniques. Developers can better understand the potential threats, vulnerabilities when coding and integration functionality with a Project Management Tool can provide visibility and tracking of Building Security In throughout SDLC.\",\"PeriodicalId\":23787,\"journal\":{\"name\":\"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering\",\"volume\":\"29 1\",\"pages\":\"145-166\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.17706/IJCCE.2018.7.4.145-166\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17706/IJCCE.2018.7.4.145-166","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

基于糟糕设计开发的软件通常会导致引入安全问题,如果在初始阶段不加以解决,这些问题可能会蔓延到软件开发生命周期的其他阶段。这可能会导致重大的安全漏洞,并给消费者造成宝贵资产的损失。在软件产品中尽早识别和修复安全性问题是实现软件安全性的最经济有效的方法。本研究提出了一种主动的方法,通过开发作为概念验证的新工具的帮助,将安全性构建到产品本身。在开发软件产品时,提出的半自动工具将通过提供可见性、跟踪、感知和进度监控来解决当前安全软件工程方法中的限制。此外,开发人员、架构师、QA、BA和管理人员以及用户都可以参与威胁建模和体系结构安全分析,为安全工程提供他们的输入,并通过该工具作为交互平台、知识库和集成平台提供支持。微软威胁建模工具被用来生成威胁模型。该工具提取威胁模型信息,并使用已知的漏洞数据库和分类技术生成详细的缓解措施。当使用项目管理工具编码和集成功能时,开发人员可以更好地理解潜在的威胁和漏洞,项目管理工具可以在整个SDLC中提供可见性和跟踪构建安全性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
A Collaborative Platform Featuring Visibility, Tracking, Monitoring and Awareness for Building Security In.
Software developed referring to a poor design often causes the introduction of security issues which could spread into other phases of the Software Development Life Cycle if not address in the initial stages. This could lead to major security breaches and loss of valuable assets to the consumers. Identifying and fixing security issues as early as possible in a software product is the most cost-effective way of implementing software security. This research proposes a proactive approach to build security into the product itself with the aid of a new tool developed as a proof of concept. The proposed semi-automatic tool will address limitations in current approaches to secure software engineering when developing a software product by providing visibility, tracking, awareness, and progress monitoring. Additionally Developers, Architects, QA, BA, and Management, as well as the Users, can participate in the Threat Modeling and architectural security analysis contributing their input for Security Engineering with the support provided by the tool as an interactive platform, a knowledge base and as an integration platform. The Microsoft Threat Modeling Tool is being used to generate the threat models. The tool extracts threat model information and produces detailed mitigations using known vulnerability databases and classification techniques. Developers can better understand the potential threats, vulnerabilities when coding and integration functionality with a Project Management Tool can provide visibility and tracking of Building Security In throughout SDLC.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信