论文信息 - Model-driven Secure Development Lifecycle

Model-driven Secure Development Lifecycle

Building security into software development lifecycles and doing it right is hard. To address the challenge, several prominent organizations have published process-oriented security guidelines to bring security activities into a structured way. Although these eorts contribute to measurable improvements in software and system security, they are often too verbose and fuzzy to be implementable in a development lifecycle involving people (e.g., security experts, developers, and managers) with dierent skillsets. In this paper, we propose the model-driven secure development lifecycle (MD-SDL), an approach that leverages on modeling methods and the advances in model-driven security to simplify the process of eciently integrating security into development lifecycles for the development of securitycritical software and systems.

[1] Michael Howard,et al. The security development lifecycle : SDL, a process for developing demonstrably more secure software , 2006 .

[2] Ruth Breu,et al. Model-Driven Security Engineering for Trust Management in SECTET , 2007, J. Softw..

[3] David Basin,et al. Model driven security: From UML models to access control infrastructures , 2006, TSEM.

[4] Richard Kissel,et al. SP 800-64 Rev. 2. Security Considerations in the System Development Life Cycle , 2008 .

[5] Richard Kissel,et al. Security Considerations in the System Development Life Cycle , 2008 .

[6] Christian Wagner,et al. Model-driven security for Web services in e-Government system: Ideal and real , 2011, 2011 7th International Conference on Next Generation Web Services Practices.

[7] David A. Basin,et al. A decade of model-driven security , 2011, SACMAT '11.

[8] Frederick P. Brooks,et al. No Silver Bullet: Essence and Accidents of Software Engineering , 1987 .

[9] Michiaki Tatsubori,et al. Model-driven security based on a Web services security architecture , 2005, 2005 IEEE International Conference on Services Computing (SCC'05) Vol-1.

[10] Frank Swiderski,et al. Threat Modeling , 2018, Hacking Connected Cars.