Case Base for Secure Software Development Using Software Security Knowledge Base

The importance of software security technologies has been gaining attention due to the increase in services on the Internet. Various technologies regarding software security have been developed. However, we believe knowledge regarding software security is not integrated; therefore, we have been developing a knowledge base for secure software development. We previously proposed a learning model that associates artifacts created in secure software development with knowledge in the knowledge base as design rationale. However, only a few case studies that addressed a full life cycle for secure software development have been reported. To mitigate this lack of reported case studies, Okubo et al. created a common task regarding software security. In this study, we developed a case base of secure software development whose artifacts are associated with the knowledge base using this common task as a case.
