Secure Software Engineering: A New Paradigm

Conklin, Wm. Arthur; Dietrich, Glenn

doi:10.1109/hicss.2007.477

Cited by 10 publications

(11 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To the best of our knowledge, there are few studies that focus explicitly on the application of such theories in teaching of software security. For example, Laschi and Riccioni (2008) and Pullen (2001) applied a constructivist approach to design their virtual labs, while Conklin and Dietrich (2007) considered elements of behaviourism. However, since much more works are available on teaching and learning theories in computer programming, it seems reasonable to consider their findings and observations also in the software security context.…”

Section: Teaching and Learning Theoriesmentioning

confidence: 99%

“…In fact, practitioners who use abstractions usually have a fairly good knowledge of the underlying model. Conklin and Dietrich (2007) propose a paradigm to secure software engineering, which includes also elements of behaviourist theories. They underline that the knowledge of primitives and building blocks is essential and that these core concepts must be taught along with the system concepts.…”

Section: Thementioning

confidence: 99%

“…Although Conklin and Dietrich (2007) do not mention it explicitly, in their framework they apply the behaviourist notion of positive reinforcement (Skinner, 1954). The authors also refer to Bloom's theory (Bloom and Krathwohl, 1956) which states that education should focus not on simply transferring notions, but rather on mastering the subject and encourage reasoning more conceptually.…”

Section: Thementioning

confidence: 99%

“…The authors also refer to Bloom's theory (Bloom and Krathwohl, 1956) which states that education should focus not on simply transferring notions, but rather on mastering the subject and encourage reasoning more conceptually. Conklin and Dietrich (2007) consider the primitives-based material as a knowledge type learning task, "based on rote memorization or recall of information", while systems level material is assimilated using "a combination of comprehension and application learning styles".…”

Section: Thementioning

confidence: 99%

See 3 more Smart Citations

Integrating Formal Methods for Security in Software Security Education

Modesti¹

2020

Informatics in Education

View full text Add to dashboard Cite

As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education, we present the pedagogic rationale and the concrete implementation of a course on security protocol development that integrates formal methods for security research into the teaching practice. A novelty of the framework is the adoption of a conceptual model aligned with the level of abstraction used for the symbolic (high-level) representation of cryptographic and communication primitives. This is aimed not only at improving skills in secure software development, but also at bridging the gap between the formal representation and the actual implementation, making formal methods and tools more accessible to students and practitioners.

show abstract

Section: Teaching and Learning Theoriesmentioning

confidence: 99%

Section: Thementioning

confidence: 99%

Section: Thementioning

confidence: 99%

Section: Thementioning

confidence: 99%

See 2 more Smart Citations

Integrating Formal Methods for Security in Software Security Education

Modesti¹

2020

Informatics in Education

View full text Add to dashboard Cite

show abstract

“…Even though these attacks are on the rise, IoT continues to enjoy an even greater surge in popularity and adoption [1] where there is thought to be more than 30 million connected devices worldwide [2]. A substantial number of the attacks stem from poorly built integrated systems and software, where security is not considered during the requirements analysis, design, implementation or testing of the product [3,4]. The vulnerabilities in IoT devices which include outdated software/firmware, default usernames and passwords, and the inability to run software updates or change usernames and passwords [1], are leveraged to gain initial access to networks of corporate targets which then can be further exploited [5].…”

Section: Introductionmentioning

confidence: 99%

Adaption of a Secure Software Development Methodology for Secure Engineering Design

Solms

Futcher

2020

IEEE Access

View full text Add to dashboard Cite

With the rapid advancement of technologies in the era of Industry 4.0, the interconnected nature of operations and systems is introducing a rapidly changing landscape of digitized and connected systems. Cybercrime is considered as possibly the greatest threat to connected systems worldwide, and therefore there exists a large drive in engineering to include cybersecurity in the design, development and maintenance of smart cyber-physical systems. Traditionally, the cybersecurity space was considered the responsibility of Information Technology (IT) professionals, where the greater IT infrastructure was required to keep these engineering systems safe. However, through the evolution of engineering and control systems, the IT infrastructure has started to become more integrated with these systems, improving the efficiency of the systems, but also making them more susceptible to cyber-attacks. These changes mean that securing these systems cannot remain the sole responsibility of the IT professionals, as systems must be designed with cybersecurity in mind. Considering that engineers are designing and developing more integrated systems, there exists a knowledge gap in the field of cybersecurity engineering and engineers' understanding of their cybersecurity responsibilities. This study aimed to determine the level of security that is currently considered in standard electrical engineering projects in a typical academic environment. This baseline serves as a motivation to develop a practical approach to assist engineering students in considering cybersecurity when developing engineering systems and products. INDEX TERMS Engineering education, Engineering design, Security, Secure software design.

show abstract

Examining the Relationship of Code and Architectural Smells with Software Vulnerabilities

Sultana

Codabux

Williams

2020

2020 27th Asia-Pacific Software Engineering Conference (APSEC)

View full text Add to dashboard Cite

Context: Security is vital to software developed for commercial or personal use. Although more organizations are realizing the importance of applying secure coding practices, in many of them, security concerns are not known or addressed until a security failure occurs. The root cause of security failures is vulnerable code. While metrics have been used to predict software vulnerabilities, we explore the relationship between code and architectural smells with security weaknesses. As smells are surface indicators of a deeper problem in software, determining the relationship between smells and software vulnerabilities can play a significant role in vulnerability prediction models.Objective: This study explores the relationship between smells and software vulnerabilities to identify the smells. Method: We extracted the class, method, file, and package level smells for three systems: Apache Tomcat, Apache CXF, and Android. We then compared their occurrences in the vulnerable classes which were reported to contain vulnerable code and in the neutral classes (non-vulnerable classes where no vulnerability had yet been reported). Results: We found that a vulnerable class is more likely to have certain smells compared to a non-vulnerable class. God Class, Complex Class, Large Class, Data Class, Feature Envy, Brain Class have a statistically significant relationship with software vulnerabilities. We found no significant relationship between architectural smells and software vulnerabilities. Conclusion: We can conclude that for all the systems examined, there is a statistically significant correlation between software vulnerabilities and some smells.

show abstract

Secure Software Engineering: A New Paradigm

Cited by 10 publications

References 2 publications

Integrating Formal Methods for Security in Software Security Education

Integrating Formal Methods for Security in Software Security Education

Adaption of a Secure Software Development Methodology for Secure Engineering Design

Examining the Relationship of Code and Architectural Smells with Software Vulnerabilities

Contact Info

Product

Resources

About