Survey on Body of Knowledge Regarding Software Security

As services on the Internet have increased, the importance of software security technologies has come to be recognized. Many research and development programs on software security have been carried out so far. However, it is not clear how these technologies can be combined so that they are used effectively. This paper proposes a conceptual model for a body of knowledge regarding software security. In addition, it gives an overview of the technologies developed for the different pieces of knowledge and of the current state of research that has clarified the relationships between those pieces. Finally, the author discusses the future direction of this field.
