A Model and Implementation of a Security plug-in for the Software Life Cycle
Linköping University, Department of Computer and Information Science, IISLAB - Laboratory for Intelligent Information Systems. Linköping University, The Institute of Technology.
2008 (English). Licentiate thesis, monograph (Other academic)
Abstract [en]

Currently, security is frequently considered late in the software life cycle. It is often bolted on late in development, or even during deployment or maintenance, through activities such as add-on security software and penetration-and-patch maintenance. Even if software developers aim to incorporate security into their products from the beginning of the software life cycle, they face a vast amount of ad hoc, unstructured information without any practical guidance on how and why this information should be used and what the costs and benefits of using it are. This is due to a lack of structured methods.

In this thesis we present a model for secure software development and an implementation of a security plug-in that deploys this model in the software life cycle. The model is a structured, unified process named S3P (Sustainable Software Security Process), designed to be easily adaptable to any software development process. S3P provides the formalism required to identify the causes of vulnerabilities and the mitigation techniques that address these causes in order to prevent vulnerabilities. We present a prototype of the security plug-in implemented for the OpenUP/Basic development process in the Eclipse Process Framework. We also present the results of the evaluation of this plug-in. The work in this thesis is a first step towards a general framework for introducing security into the software life cycle and for supporting software process improvements to prevent the recurrence of software vulnerabilities.

Place, publisher, year, edition, pages
Institutionen för datavetenskap, 2008. p. 101
Series
Linköping Studies in Science and Technology. Thesis, ISSN 0280-7971 ; 1353
Keywords [en]
Software security, Vulnerability modeling, Plug-in, Software development process, Software life cycle
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:liu:diva-11108
Local ID: LiU-TEK-LIC-2008:11
ISBN: 9789173939560 (print)
OAI: oai:DiVA.org:liu-11108
DiVA id: diva2:17553
Presentation
2008-03-18, Visionen, Hus B, Campus Valla, Linköpings universitet, Linköping, 10:15 (English)
Note

Report code: LiU-Tek-Lic-2008:11.

Available from: 2008-02-25. Created: 2008-02-25. Last updated: 2020-08-14. Bibliographically approved.

Open Access in DiVA

cover (159 kB)
File name: COVER01.pdf
File size: 159 kB
Checksum (SHA-1): 2ffb155d04b0b0dd69c6bdd7f493afba5d2d1fe25fafff01f579a1fb280ba80f76438e24
Type: cover
Mimetype: application/pdf

fulltext (1047 kB)
File name: FULLTEXT01.pdf
File size: 1047 kB
Checksum (SHA-1): 20d593651891f34deca3481311a2472b7cb1d3743edaa6066194ee93db7888123ab33113
Type: fulltext
Mimetype: application/pdf

Author
Ardi, Shanai