Secure Software Development Research Articles

Secure software development: a prescriptive framework

As software development becomes more complex, security issues have an ever greater influence on software quality. Insecure software harms an organisation's reputation, increases costs and delays other development efforts. There is an urgent need for a change, to create a culture that factors in software security from the very beginning. A prescriptive framework, proposed by Dr Raees Khan, would equip software developers with easy-to-follow security guidelines in each phase while incorporating security during development. As software development becomes more complex, distributed and concurrent, security issues have an ever greater influence on software quality. 1 Insecure software harms an organisation's reputation with customers, partners and investors; it increases costs, as companies are forced to repair unreliable applications; and it delays other development efforts as limited resources are assigned to address current software deficiencies. Vulnerable software can be invaded and modified to cause damage to previously healthy software, and infected software can replicate itself and be carried across networks to cause damage in other systems.

Secure Software Configuration Management Processes for nuclear safety software development environment

The main difference between nuclear and generic software is that the risk factor is infinitely greater in nuclear software – if there is a malfunction in the safety system, it can result in significant economic loss, physical damage or threat to human life. However, secure software development environment have often been ignored in the nuclear industry. In response to the terrorist attacks on September 11, 2001, the US Nuclear Regulatory Commission (USNRC) revised the Regulatory Guide (RG 1.152-2006) “Criteria for use of computers in safety systems of nuclear power plants” to provide specific security guidance throughout the software development life cycle. Software Configuration Management (SCM) is an essential discipline in the software development environment. SCM involves identifying configuration items, controlling changes to those items, and maintaining integrity and traceability of them. For securing the nuclear safety software, this paper proposes a Secure SCM Processes (S 2CMP) which infuses regulatory security requirements into proposed SCM processes. Furthermore, a Process Flow Diagram (PFD) is adopted to describe S 2CMP, which is intended to enhance the communication between regulators and developers.

Building Secure Software Using XP

Security is an important and challenging aspect that needs to be considered at an early stage during software development. Traditional software development methodologies do not deal with security issues and so there is no structured guidance for security design and development; security is usually an afterthought activity. This paper discusses the integration of XP with security activities based on the CLASP (Comprehensive Lightweight Application Security Process) methodology. This integration will help developers using XP develop secure software by applying security measures in all phases and activities, thereby minimizing the security vulnerabilities exploited by attackers.

An Attack Surface Metric

Measurement of software security is a long-standing challenge to the research community. At the same time, practical security metrics and measurements are essential for secure software development. Hence, the need for metrics is more pressing now due to a growing demand for secure software. In this paper, we propose using a software system's attack surface measurement as an indicator of the system's security. We formalize the notion of a system's attack surface and introduce an attack surface metric to measure the attack surface in a systematic manner. Our measurement method is agnostic to a software system's implementation language and is applicable to systems of all sizes; we demonstrate our method by measuring the attack surfaces of small desktop applications and large enterprise systems implemented in C and Java. We conducted three exploratory empirical studies to validate our method. Software developers can mitigate their software's security risk by measuring and reducing their software's attack surfaces. Our attack surface reduction approach complements the software industry's traditional code quality improvement approach for security risk mitigation and is useful in multiple phases of the software development lifecycle. Our collaboration with SAP demonstrates the use of our metric in the software development process.

Constructing Authorization Systems Using Assurance Management Framework

Model-driven approach has recently received much attention in developing secure software and systems. In addition, software developers have attempted to employ such an emerging approach in the early stage of software development life cycle. However, security concerns are rarely considered and practiced due to the lack of appropriate systematic mechanisms and tools. In this paper, we introduce a multilayered software development life cycle (SDLC), which is based on an assurance management framework (AMF), focusing on the development of authorization systems. AMF facilitates comprehensive realization of formal security model, security policy specification and verification, generation of security enforcement codes, and rigorous conformance testing. We also articulate our experience in analyzing role-based authorization requirements and realizing those requirements in constructing a role-based authorization system.

The ISDF Framework: Towards Secure Software Development

The rapid growth of communication and globalization has changed the software engineering process. Security has become a crucial component of any software system. However, software developers often lack the knowledge and skills needed to develop secure software. Clearly, the creation of secure software requires more than simply mandating the use of a secure software development lifecycle; the components produced by each stage of the lifecycle must be correctly implemented for the resulting system to achieve its intended goals. This study demonstrates that a more effective approach to the development of secure software can result from the integration of carefully selected security patterns into appropriate stages of the software development lifecycle to ensure that security designs are correctly implemented. The goal of this study is to provide developers with an Integrated Security Development Framework (ISDF) that can assist them in building more secure software.

A Security Metrics Taxonomization Model for Software-Intensive Systems

We introduce a novel high-level security metrics objective taxonomization model for software- intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall security quality of the system under investigation, and secure system lifecycle, project and business management. Security correctness, effectiveness and efficiency are seen as the fundamental measurement objectives, determining the directions for more detailed security metrics development. Integration of the proposed model with riskdriven security metrics development approaches is also discussed.

An Analysis of the Robustness and Stability of the Network Stack in Symbian-based Smartphones

Smartphones are widely used today and their popularity will certainly not slow down in the near future due to improved functionality and new technology improvements. Becoming more and more similar to PCs and laptops, they will also begin to face the same security problems especially in terms of network security. In a previous paper, we have provided a detailed analysis of security issues along with penetration test results for Windows Mobile 5.0 platform based smartphones. In this paper, we extend our vulnerability testing with two more smartphones, both based on the Symbian 9.1 OS. A number of attacks have been done to test the stability of the network stack of the Symbian OS. Detailed results are provided from the tests performed and several vulnerabilities that can render the devices unusable have been found. The results should be very useful for security professionals, researchers and OS vendors and will hopefully result in more attention to be paid to security issues in smartphones and trigger the development of more secure software for mobile operating systems. The findings could also be of interest for end-users who are searching for the most stable platform for mobile applications where security and reliability are key factors.

Automated verification of security pattern compositions

Software security becomes a critically important issue for software development when more and more malicious attacks explore the security holes in software systems. To avoid security problems, a large software system design may reuse good security solutions by applying security patterns. Security patterns document expert solutions to common security problems and capture best practices on secure software design and development. Although each security pattern describes a good design guideline, the compositions of these security patterns may be inconsistent and encounter problems and flaws. Therefore, the compositions of security patterns may be even insecure. In this paper, we present an approach to automated verification of the compositions of security patterns by model checking. We formally define the behavioral aspect of security patterns in CCS through their sequence diagrams. We also prove the faithfulness of the transformation from a sequence diagram to its CCS representation. In this way, the properties of the security patterns can be checked by a model checker when they are composed. Composition errors and problems can be discovered early in the design stage. We also use two case studies to illustrate our approach and show its capability to detect composition errors.

Measuring the vulnerability of an object-oriented design

Secure software development is still an underexplored topic for many organisations, who failed to design security in at the early stage of the development process. The issue is complicated by advanced software architectural concepts, such as object oriented design, in which multiple pieces of software inherit characteristics and methods from each other. This article discusses a practical approach to assessing vulnerabilities within object oriented designs, taking into account object-based principles such as inheritance and polymorphism. Traditional approaches to security focus primarily on antivirus, firewalls, intrusion detection, and so on.^1 In spite of these protection, the attacks continue, and data breaches and other losses are escalating. This proves that network security alone cannot protect application from attacks. What else is missing?

On the secure software development process: CLASP, SDL and Touchpoints compared

Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies and techniques for secure software engineering, yet dedicated processes have been proposed only recently. In this paper, three high-profile processes for the development of secure software, namely OWASP’s CLASP, Microsoft’s SDL and McGraw’s Touchpoints, are evaluated and compared in detail. The paper identifies the commonalities, discusses the specificity of each approach, and proposes suggestions for improvement.

Secure software development: Why the development world awoke to the challenge

From the beginning of the information security age 20 years ago, CIOs have asked over and over, “when will programmers stop making security mistakes?” But other than highly visible efforts by a few large software vendors, the software development community has not heard the question. At least they have not responded until now. More than 40 large organizations, from Tata Consulting Services (the largest outsourcer in India) to Intel, from Boeing to Siemens, have joined together to raise the visibility of secure software development – and they are having an impact. This article chronicles the forces that brought the consortium together and the steps that they have taken to improve the practice of secure coding throughout the development lifecycle.

Using Attack Graphs to Design Systems

On a recent project, the authors found informal attack graphs were helpful in the iterative design of a system used to protect sensitive data at a customer site. In this article, they use a snippet from the project's design to illustrate the value of using attack graphs in a secure software development life cycle.

A programming environment for ubiquitous computing environment

The goal of this research is to provide an advanced programming environment for ubiquitous computing, which facilitates the development of secure and reliable ubiquitous software. A discussion follows on the design and implementation of a ubiquitous programming framework, which is based on high-level policy description language. A context-based access control manager(CACM) was implemented for context-aware access control, while an adaptation engine was integrated for context adaptation in dynamically changing environments. A simulator was also implemented for conducting experiments with this framework for ubiquitous applications.

A qualitative analysis of software security patterns

Software security, which has attracted the interest of the industrial and research community during the last years, aims at preventing security problems by building software without the so-called security holes. One way to achieve this goal is to apply specific patterns in software architecture. In the same way that the well-known design patterns for building well-structured software have been defined, a new kind of patterns called security patterns have emerged. These patterns enable us to incorporate a level of security already at the design phase of a software system. There exists no strict set of rules that can be followed in order to develop secure software. However, a number of guidelines have already appeared in the literature. Furthermore, the key problems in building secure software and major threat categories for a software system have been identified. An attempt to evaluate known security patterns based on how well they follow each principle, how well they encounter with possible problems in building secure software and for which of the threat categories they do take care of, is performed in this paper. Thirteen security patterns were evaluated based on these three sets of criteria. The ability of some of these patterns to enhance the security of the design of a software system is also examined by an illustrative example of fortifying a published design.

SECURE SOFTWARE DEVELOPMENT USING USE CASES AND MISUSE CASES

There is a need to inculcate in students the idea of secure system development. This paper investigates the application of use cases to the identification of security threats and security requirements; these can then be incorporated into the software design and implementation and used as a basis for testing. The method is easy to teach and easy to use. It provides a highly organized way of thinking about security early in the software life cycle. It can be a tool to inculcate secure software development among students.

Bridging the Gap between Software Development and Information Security

Traditionally, software development efforts in large corporations have been about as far removed from information security as they were from human resources or any other business function. Software development has also had the tendency to be highly distributed among business units and thus not even practiced in a cohesive, coherent manner. In the worst cases, busy business unit executives trade roving bands of developers like Pokemon cards in a fifth-grade classroom (in an attempt to get ahead). Suffice it to say, none of this is good. The disconnect between security and development has ultimately produced software development efforts that lack any sort of contemporary understanding of technical security risks. Today's complex and highly connected computing environments trigger myriad security concerns, so by blowing off the idea of security entirely, software builders virtually guarantee that their creations have way too many security weaknesses that could - and should - have been avoided. This article presents some recommendations for solving this problem. Our approach is born out of experience in two diverse fields: software security and information security. Central among our recommendations is the notion of using the knowledge inherent in information security organizations to enhance secure software development efforts.

Secure Software Development by Example

When trying to incorporate security into a program, software developers face either too much theoretical information that they cannot apply or exhaustive and discouraging recommendation lists. This article gives an overview of security concerns at each step of a project's life cycle.

RUPSec: An Extension on RUP for Developing Secure Systems - Requirements Discipline

� Abstract— The world is moving rapidly toward the deployment of information and communication systems. Nowadays, computing systems with their fast growth are found everywhere and one of the main challenges for these systems is increasing attacks and security threats against them. Thus, capturing, analyzing and verifying security requirements becomes a very important activity in development process of computing systems, specially in developing systems such as banking, military and e-business systems. For developing every system, a process model which includes a process, methods and tools is chosen. The Rational Unified Process (RUP) is one of the most popular and complete process models which is used by developers in recent years. This process model should be extended to be used in developing secure software systems. In this paper, the Requirement Discipline of RUP is extended to improve RUP for developing secure software systems. These proposed extensions are adding and integrating a number of Activities, Roles, and Artifacts to RUP in order to capture, document and model threats and security requirements of system. These extensions introduce a group of clear and stepwise activities to developers. By following these activities, developers assure that security requirements are captured and modeled. These models are used in design, implementation and test activities.

Processes for producing secure software

Summarizes work initiated at the National Cybersecurity Summit, held 2-3 December 2003 in Santa Clara, California. Attendees representing industry, academia, and the US Department of Homeland (DHS) formed five task forces to focus on specific topic areas. This report describes, the key problems and recommendations identified by the Software Process subgroup of the Security Across the Software Development Lifecycle task force. Producing secure software is a multifaceted problem of software engineering, security engineering, and management. Thus, producing secure software starts with outstanding software engineering practices, augmented with sound technical practices, and supported by management practices that promote secure software development. We discuss these practices.