论文信息 - Process Activities Supporting Security Principles

Process Activities Supporting Security Principles

Security principles, like least privilege, are among the few resources in the body of knowledge for security that survived the test of time. Over the last few years, several secure software development processes have emerged that mention security principles and acknowledge their importance. Nevertheless, support for principles in security processes does not appear to be satisfactory. This paper analyzes a forefront security process (CLASP) and elicits both explicit and hidden relationships between process activities and security principles.

[1] Ken Frazer,et al. Building secure software: how to avoid security problems the right way , 2002, SOEN.

[2] 31st Annual International Computer Software and Applications Conference, COMPSAC 2007, Beijing, China, July 24-27, 2007. Volume 1 , 2007, Annual International Computer Software and Applications Conference.

[3] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.

[4] Andrew Blyth,et al. Secure coding — principles and practices , 2004 .

[5] Peter G. Neumann,et al. Principled assuredly trustworthy composable architectures , 2003 .

[6] Gary McGraw,et al. Software Security: Building Security In , 2006, 2006 17th International Symposium on Software Reliability Engineering.

[7] Michael Howard,et al. The security development lifecycle : SDL, a process for developing demonstrably more secure software , 2006 .

[8] Jan Jürjens,et al. Encapsulating Rules of Prudent Security Engineering , 2001, Security Protocols Workshop.