SADP: Security assurance development process for building reliable Linux-based operating system

Lan, Yuqing; Han, Tao

doi:10.1109/compcomm.2015.7387539

Cited by 4 publications

(2 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Using a quantitative approach, they were able to assess the impact of security on usability and the impact of usability on security. A security assurance development process (SADP) model has been introduced in [109]. This model comprises of institutional security awareness programme, documentation of security-relevant requirements, application of security principles to design, performing source code level review, implementing and performing security tests, security review as well as risk management.…”

Section: Security Models and Frameworkmentioning

confidence: 99%

Software security models and frameworks: an overview and current trends

Korir¹

2023

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

The continued dependence on information technology applications has led to the adoption of electronic channels and software applications to support businesses, online transactions and communications. In this perspective, both functional and non-functional requirements are critical for the provision of necessary needs at the early phases of the software development process. This is specifically important in the requirement phase of the software development process. Software security is increasingly becoming a necessity concern in this environment. Unfortunately, security concepts such as access control requirements are mostly considered after the functional requirement definition stage. In addition, majority of the developers and organizations regard security as an activity that can be incorporated after the development of a system. This leads to flaws and security defects in the access control mechanism. Therefore, software security issues must be given higher priority in the early stages of the development process. The aim of this paper is to offer a survey of the software security techniques, frameworks and models that have been developed to deal with these issues. The results obtained indicate that software vulnerabilities have made it possible for attackers to exploit them to cause havoc in computerized systems and has become one of the most critical risks facing modern corporate networks. Since most of these vulnerabilities involve exploitable weaknesses introduced through badly written code, the cyber security community has tried to come up with techniques to enhance software products.

show abstract

Section: Security Models and Frameworkmentioning

confidence: 99%

Software security models and frameworks: an overview and current trends

Korir¹

2023

World J. Adv. Eng. Technol. Sci.

View full text Add to dashboard Cite

show abstract

“…As a result, security assurance development process (SADP) model is required. Lan and Han[62] The model consists of an institute security awareness program, documentation of security-relevant requirements, application of security principles to design, performing source code level review, implementing and performing security tests, security review, and risk…”

mentioning

confidence: 99%

System Security Assurance: A Systematic Literature Review

Shukla¹,

Katt²,

Nweke³

et al. 2021

Preprint

View full text Add to dashboard Cite

Security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We systematically review the requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We shed light on the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.CCS Concepts: • General and reference → Surveys and overviews; • Security and privacy → Systems security.

show abstract

A quantitative framework for security assurance evaluation and selection of cloud services: a case study

Shukla

Katt

Yamin

2023

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Due to the high adoption of cloud services, the protection of data and information is critical. Cloud service customers (CSCs) need help to obtain the authoritative assurances required for the cloud services and negotiate the cloud service contract based on the terms and conditions set by cloud service providers (CSPs). Several standards and guidelines are available for assessing cloud security. However, most of these standards and guidelines are complex and time-consuming to select a service or make an informed decision for CSCs. Moreover, the existing methods are insufficient to solve this problem because they are process-oriented, neglect the importance of stakeholder requirements, and lack a comprehensive and rigid analytic method that can aid decision-makers in making the right decisions. In this paper, we developed two evaluation techniques: (i) a quantitative cloud security assurance method to assess the security level of cloud services by measuring the critical security properties and (ii) a novel and rigid categorical analytical method that enables CSPs to identify the major problems in the system and assess how much gain can be achieved by solving each of them. The cloud security assurance method is based on two important metrics: security requirement and vulnerability. It assists CSCs in avoiding severe mistakes and making informed decisions while selecting a cloud service. Moreover, these methods support CSPs in improving the security level of cloud services and meet customer requirements. The proposed methods are validated using different case scenarios on a private cloud platform.

show abstract

SADP: Security assurance development process for building reliable Linux-based operating system

Cited by 4 publications

References 15 publications

Software security models and frameworks: an overview and current trends

Software security models and frameworks: an overview and current trends

System Security Assurance: A Systematic Literature Review

A quantitative framework for security assurance evaluation and selection of cloud services: a case study

Contact Info

Product

Resources

About