Software security

McGraw, Gary

doi:10.1109/msecp.2004.1281254

Cited by 367 publications

(150 citation statements)

References 5 publications

Supporting

Mentioning

145

Contrasting

Unclassified

Order By: Relevance

“…Software security is the idea of engineering software so that it continues to function correctly under malicious attack [19]. The software security field is a relatively new one.…”

Section: Security Consideration For Each Step In Software Developmentmentioning

confidence: 99%

See 1 more Smart Citation

A priority for WSN in ubiquitous environment: multimedia security requirements

Jeong

2016

Multimed Tools Appl

View full text Add to dashboard Cite

With the rapid expansion of the human-centric ubiquitous environment, wireless sensor networks (WSN) will continue to be part of our everyday life and increase the amount and the type of data generated and transmitted by the WSN. As sensors become more essential in our daily life, the data from the sensors will become more private and need to be handled more sensitively. Therefore, the security of not only the data transmission between sensor nodes, but also the software system handling the data from sensor nodes will become more important. In this study, I concentrated on the security characteristics of the overall application systems in WSNs and derived the security attributes from the security requirements and standards of the existing network-based software systems. In the software development process, security must be considered throughout the whole process and, according to the applications the priority of each security attribute can be changed. I demonstrated the relative priority change in a web-based system and a WSN application system with an Analytic Hierarchy Process. The evaluation results showed that the difference of the relative priority of the security attributes in each sample system results not from the difference between the existing network-based system and the WSN but the type of the application. Therefore, the Multimedia security requirements and standards of the existing network-based software development process can be applied to the WSN application system through proper selection and modification.

show abstract

“…Software security is the idea of engineering software so that it continues to function correctly under malicious attack [19]. The software security field is a relatively new one.…”

Section: Security Consideration For Each Step In Software Developmentmentioning

confidence: 99%

“…Although the systems are laid out according to a traditional waterfall model in Fig. 7, most software development organizations follow an iterative approach today, which means that best practices will be cycled and repeated through more than once as the software evolves [19].…”

Section: Security Consideration For Each Step In Software Developmentmentioning

confidence: 99%

A priority for WSN in ubiquitous environment: multimedia security requirements

Jeong

2016

Multimed Tools Appl

View full text Add to dashboard Cite

show abstract

“…Computer system security is the idea of engineering systems so that it continues to function correctly under malicious attacks (definition adapted from (McGraw 2004)). The goal of computer system security mechanisms is to prevent, detect, and recover from attacks (Bishop 2003).…”

Section: Basic Concepts On Computer System Securitymentioning

confidence: 99%

Security Benchmarks for Web Serving Systems

Mendes

Madeira

Duraes

2014

2014 IEEE 25th International Symposium on Software Reliability Engineering

View full text Add to dashboard Cite

The assessment of the security level of computer systems in a standardized and regular manner (security benchmarking) has become a very relevant subject, especially for those who use computer systems to support critical business missions or to store confidential information. The concern about computer-based system security is totally justified: systems have become increasingly complex, interconnected, and pervasive, and their security have been threatened by many types of attacks. These attacks are unavoidable, as the root causes for them are tied up to human aspects that cannot be removed (intention to cause harm, intention to steal information, etc.), and the losses attacks can cause to their targets (when successful) can be very significant. This scenario of attack inevitability has led companies and governments to invest massively in the development of regulations and mechanisms aimed at the improvement of the security of computer systems (e.g., training developer teams, rapidly solving discovered vulnerabilities, using tools to detect and prevent attacks). Despite these efforts, successful attacks continue to happen, showing that computer systems remain insecure. This is why end-users, system administrators, and systems integrators (to mention just a few classes of users) consider security as an important decision factor when choosing which system to buy and use. These individuals are looking for the means to assess and compare the security of functionally-similar systems/components that will enable them to make a decision taking into account the assessment of security risk.This thesis presents a novel, reproducible, risk-based methodology to benchmark the security of software-based systems. This is a generic methodology that can be instantiated to any class of software-based system. Our benchmark methodology uses the notion of risk in a quantifiable way to measure the security of systems, with a single security metric (SBench) to simplify the comparison of different systems (or different configurations of the same system), enabling users and system integrators to identify and select the most secure one, allowing as well the breakdown of this single metric for more detailed analysis. Our methodology follows the approach of benchmarks proposed in the field of performance and dependability, containing elements such as metrics, workload, and experimental setup, and defining a comprehensive set of procedures and rules to ensure the compliance with key properties such as repeatability.Our security benchmark methodology cover the two complementary views of a 8 given system concerning security: the first takes into account concrete vulnerabilities effectively existing for that system (measures what is already known), and the second estimates the effects of possible yet-to-discover vulnerabilities (and, in fact, many attacks are based on previously unknown vulnerabilities). In fact, these views correspond to the two parts of our benchmark methodology: the static and the dynamic. The static part corresponds ...

show abstract

“…A software application is correct if it meets the requirements for which it was designed; complete if it meets all the specified requirements; and exact if it performs only those operations specified by the requirements [6]. McGraw [7] defines software security as 'the idea of engineering software so that it continues to function correctly under malicious attack'. Viega and McGraw [1] further state that the problem of security is relative and that there is no such thing as 100% security.…”

Section: Secure and Trusted Softwarementioning

confidence: 99%

How Can Secure Software be Trusted?

Futcher¹,

Solms²

2011

SACJ

View full text Add to dashboard Cite

The security of software applications is a major concern, especially for information owners, software developers and users. Increasingly, these stakeholders need to be confident that the software applications being developed are secure and can be trusted when used in the intended environment. However, a problem exists in terms of how to confidently address the security of software applications in order to protect the information to be stored, processed and transmitted by them, thereby increasing their associated levels of trust. The purpose of this paper is therefore to address some key aspects relating to the security and trustworthiness of a software application functioning within the intended environment. These key aspects include those relating to the security controls implemented and installed by the software developers and those involving the actual usage of the security controls implemented.

show abstract

Software security

Cited by 367 publications

References 5 publications

A priority for WSN in ubiquitous environment: multimedia security requirements

A priority for WSN in ubiquitous environment: multimedia security requirements

Security Benchmarks for Web Serving Systems

How Can Secure Software be Trusted?

Contact Info

Product

Resources

About