A Model and Implementation of a Security plug-in for the Software Life Cycle
Linköpings universitet, Institutionen för datavetenskap, IISLAB - Laboratoriet för intelligenta informationssystem. Linköpings universitet, Tekniska högskolan.
2008 (English). Licentiate thesis, monograph (Other academic)
Abstract [en]

Currently, security is frequently considered late in the software life cycle. It is often bolted on late in development, or even during deployment or maintenance, through activities such as add-on security software and penetration-and-patch maintenance. Even if software developers aim to incorporate security into their products from the beginning of the software life cycle, they face an exhaustive amount of ad hoc unstructured information without any practical guidance on how and why this information should be used and what the costs and benefits of using it are. This is due to a lack of structured methods.

In this thesis we present a model for secure software development and an implementation of a security plug-in that deploys this model in the software life cycle. The model is a structured unified process, named S3P (Sustainable Software Security Process), and is designed to be easily adaptable to any software development process. S3P provides the formalism required to identify the causes of vulnerabilities and the mitigation techniques that address these causes to prevent vulnerabilities. We present a prototype of the security plug-in implemented for the OpenUP/Basic development process in the Eclipse Process Framework. We also present the results of the evaluation of this plug-in. The work in this thesis is a first step towards a general framework for introducing security into the software life cycle and to support software process improvements to prevent recurrence of software vulnerabilities.

Place, publisher, year, edition, pages
Institutionen för datavetenskap, 2008, p. 101
Series
Linköping Studies in Science and Technology. Thesis, ISSN 0280-7971 ; 1353
Keywords [en]
Software security, Vulnerability modeling, Plug-in, Software development process, Software life cycle
National subject category
Computer Science
Identifiers
URN: urn:nbn:se:liu:diva-11108, ISBN: 978-91-7393-956-0 (print), OAI: oai:DiVA.org:liu-11108, DiVA id: diva2:17553
Presentation
2008-03-18, Visionen, Hus B, Campus Valla, Linköpings universitet, Linköping, 10:15 (English)
Note

Report code: LiU-Tek-Lic-2008:11.

Available from: 2008-02-25. Created: 2008-02-25. Last updated: 2020-03-29.

Open Access in DiVA

cover (159 kB), 113 downloads
File information
File name: COVER01.pdf, File size: 159 kB, Checksum SHA-1
2ffb155d04b0b0dd69c6bdd7f493afba5d2d1fe25fafff01f579a1fb280ba80f76438e24
Type: cover, Mimetype: application/pdf
fulltext (1047 kB), 1242 downloads
File information
File name: FULLTEXT01.pdf, File size: 1047 kB, Checksum SHA-1
20d593651891f34deca3481311a2472b7cb1d3743edaa6066194ee93db7888123ab33113
Type: fulltext, Mimetype: application/pdf

Author

Ardi, Shanai
