LiU Electronic Press
Author:
Ardi, Shanai (Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems) (Linköping University, The Institute of Technology)
Title:
A Model and Implementation of a Security plug-in for the Software Life Cycle
Department:
Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems
Linköping University, The Institute of Technology
Responsible org.:
Linköping University, Department of Computer and Information Science
Publication type:
Licentiate thesis, monograph (Other academic)
Language:
English
Publisher: Institutionen för datavetenskap
Pages:
101
Series:
Linköping Studies in Science and Technology. Thesis, ISSN 0280-7971; 1353
Year of publ.:
2008
URI:
urn:nbn:se:liu:diva-11108
Permanent link:
http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-11108
ISBN:
978-91-7393-956-0
Subject category:
Computer Science
SVEP category:
Computer science
Keywords (en):
Software security, Vulnerability modeling, Plug-in, Software development process, Software life cycle
Abstract (en):

Currently, security is frequently considered late in the software life cycle. It is often bolted on late in development, or even during deployment or maintenance, through add-on security software and penetrate-and-patch maintenance. Even if software developers aim to incorporate security into their products from the beginning of the software life cycle, they face an overwhelming amount of ad hoc, unstructured information without any practical guidance on how and why this information should be used and what the costs and benefits of using it are. This is due to a lack of structured methods.

In this thesis we present a model for secure software development and the implementation of a security plug-in that deploys this model in the software life cycle. The model is a structured, unified process named S3P (Sustainable Software Security Process) and is designed to be easily adaptable to any software development process. S3P provides the formalism required to identify the causes of vulnerabilities and the mitigation techniques that address these causes in order to prevent the vulnerabilities. We present a prototype of the security plug-in implemented for the OpenUP/Basic development process in the Eclipse Process Framework. We also present the results of the evaluation of this plug-in. The work in this thesis is a first step towards a general framework for introducing security into the software life cycle and for supporting software process improvements that prevent the recurrence of software vulnerabilities.

Note:
Report code: LiU-Tek-Lic-2008:11.
Presentation:
2008-03-18, Visionen, Hus B, Campus Valla, Linköpings universitet, Linköping, 10:15 (English)
Supervisor:
Shahmehri, Nahid (Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems) (Linköping University, The Institute of Technology)
Opponent:
Weiler, Nathalie, Dr. (Credit Suisse)
Available from:
2008-02-25
Created:
2008-02-25
Last updated:
2009-04-22
FILE INFORMATION
File size:
1047 kb
Mimetype:
application/pdf
Type:
fulltext
File size:
159 kb
Mimetype:
application/pdf
Type:
cover