Introduction to Software Security Concepts

The main problem faced by system administrators nowadays is the protection of data against unauthorized access or corruption due to malicious actions. In fact, due to the impressive growth of the Internet, software security has become a vital concern in any information infrastructure. Unfortunately, software security is still commonly misunderstood. This chapter presents key security concepts and provides the basis for understanding the existing challenges in developing and deploying secure software systems.
