Security by Design in Software Engineering

Kreitz, Mark

doi:10.1145/3356773.3356798

Cited by 16 publications

(8 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Table III depicts the possible threats identified by the threat modeling process. Similarly, through static code analysis, A2, A5, and A6 categories 3 of OWASP have captured. The results produced from the threat modeling process and the static code analysis provided as input to find the association between them.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Secure Software Engineering: A Knowledge Modeling based Approach for Inferring Association between Source Code and Design Artifacts

Wijesiriwardana¹,

Abeyratne²,

Samarage³

et al. 2020

IJACSA

View full text Add to dashboard Cite

Section: Discussionmentioning

confidence: 99%

“…Having identified the critical need for software security, the paradigm shift of "Building Security In" has emerged in the recent decades [1], [2], [3]. This paradigm shift requires software security to be addressed in all phases of the software development lifecycle.…”

Section: Introductionmentioning

confidence: 99%

Secure Software Engineering: A Knowledge Modeling based Approach for Inferring Association between Source Code and Design Artifacts

Wijesiriwardana¹,

Abeyratne²,

Samarage³

et al. 2020

IJACSA

View full text Add to dashboard Cite

“…Software engineering processes have been shown to reduce the probability and mitigate the severity of exploitable weaknesses when applied carefully [31]. However, the ubiquity of exploitable vulnerabilities in software, the pervasiveness of automatic updates, and their increasing frequency show how difficult it is to achieve those objectives.…”

Section: Vulnerabilities and Their Causesmentioning

confidence: 99%

The European framework for cybersecurity: strong assets, intricate history

Salvaggio

González

2022

Int. Cybersecur. Law Rev.

View full text Add to dashboard Cite

Over the last decade, the European Union (EU) has demonstrated a consistent determination to promote a global, open, stable, and secure cyberspace for everyone. A structured (and chronological) review of key EU documents, reports, and directives on cybersecurity shows that the recommendations from the relevant EU institutions (Parliament, Commission, Council) have been persistent over time, reiterating the same core issues that seem to not yet have been solved after a decade of debates and experts’ advice. Since at least 2012, EU institutions have identified the two domains that are under constant critical observation for the deployment of a coordinated European cybersecurity approach—gaps in policies and poor integration—while the European fundamentals of cybersecurity (both human and physical) have been consistently seen as an asset rather than a liability. However, the progressive de-professionalization of coding that tends to blur the distinction between amateurs and professionals should not be underestimated, as it furtively introduces a new class of risk related to unverified or circularly certified skills. It is therefore recommended that the regulatory framework is expanded to better govern the accreditation/certification of professional cybersecurity experts as well.

show abstract

“…In this work, we take a different point of view: instead of developing tools to secure existing systems, we provide inherently secure embedded measures that guarantee robust consensus convergence. With this paper, we start to expand the secure-by-design philosophy popular in software engineering [18] towards the design of multi-agent consensus. The research proposed here is thus not meant to replace usual security measures-we assume that these measures have been taken-but to aim to devise a lower level layer of security.…”

Section: Introductionmentioning

confidence: 99%

Secure Consensus via Objective Coding: Robustness Analysis to Channel Tampering

Fabris,

Zelazo

2021

Preprint

View full text Add to dashboard Cite

This work mainly addresses continuous-time multiagent consensus networks where an adverse attacker affects the convergence performances of said protocol. In particular, we develop a novel secure-by-design approach in which the presence of a network manager monitors the system and broadcasts encrypted tasks (i.e. hidden edge weight assignments) to the agents involved. Each agent is then expected to decode the received codeword containing data on the task through appropriate decoding functions by leveraging advanced security principles, such as objective coding and information localization. Within this framework, a stability analysis is conducted for showing the robustness to channel tampering in the scenario where part of the codeword corresponding to a single link in the system is corrupted. A trade-off between objective coding capability and network robustness is also pointed out. To support these novelties, an application example on decentralized estimation is provided. Moreover, an investigation on robust agreement is as well extended in the discrete-time domain. Further numerical simulations are given to validate the theoretical results in both the time domains.

show abstract

Security by Design in Software Engineering

Cited by 16 publications

References 4 publications

Secure Software Engineering: A Knowledge Modeling based Approach for Inferring Association between Source Code and Design Artifacts

Secure Software Engineering: A Knowledge Modeling based Approach for Inferring Association between Source Code and Design Artifacts

The European framework for cybersecurity: strong assets, intricate history

Secure Consensus via Objective Coding: Robustness Analysis to Channel Tampering

Contact Info

Product

Resources

About