2022
DOI: 10.1109/access.2022.3227434

Exploring How to Apply Secure Software Design Principles

Abstract: Secure design principles (SDPs) are employed to be a solution against many types of attacks. However, it has been shown that software developers are not familiar with the notion of SDPs or do not know how to implement them in the design stage. This paper tries to bridge this gap by applying SDPs to a real-world software project, electronic promotion system (ePS), and commenting on the contribution of each SDP. Saltzer and Schroeder's eight principles, along with three additional principles proposed by others, …

Citations: Cited by 7 publications (3 citation statements)
References: References 16 publications (32 reference statements)
“…Secure design principles: Since this study focuses on the feasibility of the executable adversarial attack and retraining a robust deep learning model against these attacks, the implementation of these models should comply with the application-level secure design principles [38]. Due to the limited effect, we leave this part for our future work.…”
Section: Limitations and Secure Design Principles (mentioning)
confidence: 99%
“…This two-step strategy enables us to proficiently accomplish the malware classification task, optimizing it effectively, with each step addressing distinct optimization objectives. To meet the security design requirements, the method applies some principles [39] to work, including economy mechanisms, open design, and input validation. We keep the overall architecture consistent with the Transformer, with the only introduction of the local attention module to avoid the complexity caused by excessive modifications.…”
Section: Overview and Design Principles (mentioning)
confidence: 99%
“…We make assumptions on the input, so we need to apply the validation, including checking if the API call is legal from the system library and validating the input of the API pair for the model. In addition, more privilege…”
Section: Overview and Design Principles (mentioning)
confidence: 99%