The development and maintenance of network and data security in software systems is done in a late phase of design and coding or during deployment, often in an ad hoc manner. Network monitoring and recovery, encryption protocols, best practices for combating cyber-crime, or disaster recovery planning are useful methodologies applied to enforce the security of a deployed system. Nevertheless, these are not enough to protect against attacks directed at software vulnerabilities hidden at the design and code level. Introducing security aspects in all phases of the software development process is an emerging approach to limit the cost of adding security features when it is too late and very expensive in terms of time and resources. In this paper we illustrate some proposals for considering security issues in the software process, from the early phase of requirements to design and coding.