Abstract

Secure design principles (SDPs) are employed as a countermeasure against many types of attacks. However, it has been shown that software developers are not familiar with the notion of SDPs or do not know how to implement them in the design stage. This paper tries to bridge this gap by applying SDPs to a real-world software project, an electronic promotion system (ePS), and commenting on the contribution of each SDP. Saltzer and Schroeder's eight principles, along with three additional principles proposed by others, are chosen to be applied to ePS. The results indicate that most of the principles enumerated here were instrumental in, and applied to, the design of ePS. Most of the eleven SDPs, namely economy of mechanism, fail-safe defaults, least privilege, least common mechanism, sound authentication, defense in depth, and input validation, were implemented in ePS to a great extent. Others, namely separation of privilege and psychological acceptability, were applied to a limited extent. The remaining two principles, complete mediation and open design, did not play a vital role, as ePS by itself satisfies them. Some contradictions and interrelations among the SDPs that surfaced when they were applied are also discussed.
Taking into account the integration of ePS with other enterprise systems in the same organization, placing the SDPs in a general context was considered beneficial and sufficient. This work will bridge the gap between software practitioners and state-of-the-art research on software SDPs.
