Software Security Assurance: A State-of-Art Report (SAR)

Goertzel, Karen Mercedes; Winograd, Theodore; McKinley, Holly L.; Oh, Lyndon J.; Colón, Michael A.; McGibbon, Thomas; Fedchak, Elaine; Vienneau, Robert L.

doi:10.21236/ada472363

Cited by 40 publications

(34 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attacks targeting software faults have become very sophisticated. They often exploit unexpected sequences of multiple, often non-contiguous faults (referred to as Byzantine faults) throughout the software [1].…”

Section: Security Assurancementioning

confidence: 99%

“…On the other hand, source-code analysis tools rely on the assumption that "fewer faults in source code mean the software is less vulnerable." [1].…”

Section: Security Assurancementioning

confidence: 99%

“…RMFs for managing organizational risk have been used for some years now. More recently, the framework approach has been applied to security risks" management and, even more recently, specifically to software risk management in software [1].…”

Section: B Evidence Of Risk Assessment and Its Qualitymentioning

confidence: 99%

“…The most widely spread of these efforts is the CC (ISO/IEC 15408) Standard [10], which focuses primarily on documentation rather than the actual security effectiveness of the system in operation. There is no meaningful basis for assurance cases that can be used to verify security as a property of software as opposed to security correctness [1].…”

Section: Related Workmentioning

confidence: 99%

“…A networked environment creates potential for most faults to become security vulnerabilities. The increased exposure of software-intensive systems has coincided with attackers" increased awareness of the multitude of vulnerabilities present in software [1].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Towards Measurement of Security Effectiveness Enabling Factors in Software Intensive Systems

Savola¹

2014

LNSE

View full text Add to dashboard Cite

Abstract-Adequate information security effectiveness during system operation is the ultimate goal of all security solutions for software-intensive systems. Sufficient and credible measurement of security effectiveness supports informed decision-making in engineering and management practices throughout the system development life cycle. Although detail-level security metrics can be developed for special purposes, their meaningfulness suffers if their relationship to the overall security effectiveness objectives cannot be traced. This paper analyzes the factors contributing to security effectiveness of software-intensive systems.

show abstract

Section: Security Assurancementioning

confidence: 99%

“…On the other hand, source-code analysis tools rely on the assumption that "fewer faults in source code mean the software is less vulnerable." [1].…”

Section: Security Assurancementioning

confidence: 99%

Section: B Evidence Of Risk Assessment and Its Qualitymentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Towards Measurement of Security Effectiveness Enabling Factors in Software Intensive Systems

Savola¹

2014

LNSE

View full text Add to dashboard Cite

show abstract

Aviation Software: Safety and Security

Kornecki

Zalewski

2015

Wiley Encyclopedia of Electrical and Electronics Engineering

View full text Add to dashboard Cite

Aviation systems, both airborne and ground, (e.g., flight controls, avionics, engine control, and air traffic control) are typical examples of safety‐critical, real‐time systems. Such systems continue to become more complex and are extremely software reliant. Modern aircrafts, composed on numerous software‐controlled systems, operate within constraints of a National Airspace System (NAS) that includes air traffic management, weather services, airline and airport operations, communication facilities, navigation infrastructure, and so on. NAS is a software‐intensive system of systems with multiple components and of incredible complexity. Software is critical in all aspects of modern aviation, whether it is for development, operation flexibility, or fault tolerance. Technological progress, particularly in the electronics and computing areas, changed the aviation industry. Safety has always been a critical factor for aviation; with increased interconnectivity of networked systems and potential vulnerability for malicious attacks, security becomes likewise important. This chapter presents basic concepts and definitions of safety and security together with their mutual relationship. Representative techniques, methods, and tools used to facilitate software assurance are discussed. In addition, the chapter introduces regulations and certification guidance as applied to the development of software‐intensive aviation systems from the perspective of safety and security.

show abstract

Trustworthiness of IT Systems and Services

Suryn¹

2014

Software Quality Engineering

View full text Add to dashboard Cite

Software Security Assurance: A State-of-Art Report (SAR)

Cited by 40 publications

References 8 publications

Towards Measurement of Security Effectiveness Enabling Factors in Software Intensive Systems

Towards Measurement of Security Effectiveness Enabling Factors in Software Intensive Systems

Aviation Software: Safety and Security

Trustworthiness of IT Systems and Services

Contact Info

Product

Resources

About