Meta-Modeling Based Secure Software Development Processes

Essafi, Mehrez; Ghézala, Henda Ben

doi:10.4018/ijsse.2014070104

Cited by 4 publications

(3 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A policy or security method (Table V) can be introduced through a standard, model, rule, principle or security directive (Essafi and Ben Ghazela, 2014). Given the SOA deployment, there are significant security vulnerabilities and security needs become critical.…”

Section: The Personalized Secure Composition Frameworkmentioning

confidence: 99%

A comprehensive framework for evaluating web services composition methods

Abidi

Fakhri

Essafi

et al. 2019

IJWIS

Self Cite

View full text Add to dashboard Cite

Purpose Web services composition engineering (WSCE) is a big challenge because of the increasing complexity, openness and extensibility of services based on the information system (IS). In the absence of an adequate framework for IS engineering, the authors assume that the overall problem is consequently no longer easy to resolve. This paper aims to explore some of the issues underlying WSCE through a framework, which is built based on the state of the art. The proposed framework is structured around five views that mainly highlight aspects of personalization and security concerns. The main objectives of this framework are: to help understand and clarify the basics of the WSCE domain; to evaluate web services composition (WSC) methods; to analyze and compare existing personalization, secure methods and identify new research axes; and to identify the main criteria of the ongoing approach for the design of a secure IS based on personalized WSC. Design/methodology/approach This work develops a framework that is used as an analytical study to compare the existing WSCE methods and come up with research issues. Then, the proposed framework is considered as an abstract model for the new WSCE approach. Findings A set of criteria that the proposed framework should consider when developing a new approach to a secure IS based on personalized WSs composition. Research limitations/implications The paper has theoretical implications as the personalization and security issues provide a research roadmap toward the realization of an approach for the design of a secure IS based on personalized WSs composition. Practical implications As proof, the authors are interested in a web services repository of a real mall. To do this, the authors deployed the application in a cloud environment and observed the results of personalization and security concepts in WSCE. Originality/value None of the existing comparison frameworks has raised both personalization and security issues in WSs composition, while personalization and security must be present in the whole composition process.

show abstract

Section: The Personalized Secure Composition Frameworkmentioning

confidence: 99%

A comprehensive framework for evaluating web services composition methods

Abidi

Fakhri

Essafi

et al. 2019

IJWIS

Self Cite

View full text Add to dashboard Cite

show abstract

“…Additionally, existing test methodologies, for example, unit testing or incorporation testing work for testing usefulness. These must be stretched out keeping in mind the end goal to suit express security testing .…”

Section: Introductionmentioning

confidence: 99%

“…Developing high‐quality software is a labor‐intensive, complex task. It involves additional security‐dedicated activities that are usually omitted in traditional SDLC . Because most developers are not trained in software security, Daud also stressed the importance of security requirements at each phase of the software life cycle in iterative development.…”

Section: Introductionmentioning

confidence: 99%

The practice of secure software development in SDLC: an investigation through existing model and a case study

Karim

Albuolayan

Saba

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

Software security is an essential requirement for software systems. However, recent investigation indicates that many software development methodologies do not explicitly include methods for incorporating information security into the software development life cycles (SDLC). This research investigates, using case study, the methodologies being used in software development in Saudi Arabia and describes a model for integrating security into the SDLC. The aim is to identify the appropriate means of introducing security measures much earlier in the SDLC. This model is designed to be an extension to the existing SDLC. For achieving the research objectives and answering the research questions, the research followed a case study research design in an information‐based organization. The research identified various important elements as security standards, policies, processes being practiced, and tools used within SDLC projects. In this regard, recommendations and verification were gathered to elicit the actual activities that are appropriate to be conducted at each phase of SDLC. The non‐functional security requirements were also found, to the use of fortify and hp alm for source code review and web application testing. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Evaluation of the Software Development Life Cycle Model with Value of Testing and Quality Control

Singh

Annamalai

2022

2022 International Interdisciplinary Humanitarian Conference for Sustainability (IIHC)

View full text Add to dashboard Cite

Meta-Modeling Based Secure Software Development Processes

Cited by 4 publications

References 30 publications

A comprehensive framework for evaluating web services composition methods

A comprehensive framework for evaluating web services composition methods

The practice of secure software development in SDLC: an investigation through existing model and a case study

Evaluation of the Software Development Life Cycle Model with Value of Testing and Quality Control

Contact Info

Product

Resources

About