Daniel Hein scite author profile

Information Security Journal: A Global Perspective

2009

This paper provides a taxonomy of secure software systems engineering (SSE) by surveying and organizing relevant SSE research and presents current trends in SSE, on-going challenges, and models for reasoning about threats and vulnerabilities. Several challenging questions related to risk assessment/mitigation (e.g., "what is the likelihood of attack") as well as practical questions (e.g., "where do vulnerabilities originate" and "how can vulnerabilities be prevented") are addressed.

A Tagging Approach to Extract Security Requirements in Non-Traditional Software Development Processes

Tetmeyer

Hein²,

2014

While software security has become an expectation, stakeholders often have difficulty expressing such expectations. Elaborate (and expensive) frameworks to identify, analyze, validate and incorporate security requirements for large software systems (and organizations) have been proposed, however, small organizations working within short development lifecycles and minimal resources cannot justify such frameworks and often need a light and practical approach to security requirements engineering that can be easily integrated into their existing development processes. This work presents an approach for eliciting, analyzing, prioritizing and developing security requirements which can be integrated into existing software development lifecycles for small organizations. The approach is based on identifying candidate security goals using part of speech (POS) tagging, categorizing security goals based on canonical security definitions, and understanding the stakeholder goals to develop preliminary security requirements and to prioritize them. It uses a case study to validate the feasibility and effectiveness of the proposed approach.

A survey of client‐side Web threats and counter‐threat measures

Hein¹,

Morozov

2011

Security Comm Networks

The increasing frequency and malevolence of online security threats require that we consider new approaches to this problem. The existing literature focuses on the Web security problem from the server-side perspective. In contrast, we explore it from the client-side, considering the major types of threats. After a short threat summary, we discuss related research and existing countermeasures. We then examine intuitive human-oriented trust models and posit a flexible, multilayer framework to facilitate automated client-side decision making. The proposed suggestions are not intrusive and do not require advanced technical knowledge from end users.

Ubiquitous Computing

Hein¹,

INTRODUCTION Today's handheld devices, such as Personal Digital Assistants (PDAs) and PDA-based smart phones, are burgeoning with ever increasing multimedia capabilities. Already, current wireless and cellular technologies like Wi-Fi (802.11), 3G, and EV-DO/CDMA2000 enable streaming audio and video content to wireless handheld devices (Choi, Choi, and Bahk, 2007). Applications such as audio or video streaming, video conferencing, video surveillance, and web browser applications are

Predicting Attack Prone Software Components using Repository Mined Change Metrics

Hein¹,

2016

Identification of attack-prone entities is a crucial step toward improving the state of information security in modern software based systems. Recent work in the fields of empirical software engineering and defect prediction show promise toward identifying and prioritizing attack prone entities using information extracted from software version control repositories. Equipped with knowledge of the most vulnerable entities, organizations can efficiently allocate resources to more effectively leverage secure software development practices, isolating and expunging vulnerabilities before they are released in production products. Such practices include security reviews, automated static analysis, and penetration testing, among others. Efficiently focusing secure development practices on entities of greatest need can help identify and eliminate vulnerabilities in a more cost effective manner when compared to wholesale application for large products.