Security Guidelines: Requirements Engineering for Verifying Code Quality

The development and delivery of secure software is a challenging task that gets even harder when the developer tries to adhere to both application- and organization-specific security requirements translated into security guidelines. These guidelines serve as best practices or recommendations that help reduce application exposure to vulnerabilities, and provide hints about the application's adherence to high-level and abstract security requirements. In this paper, we present guidelines we gathered from different sources, and we highlight the main issues related to the interpretation and application of those guidelines. We present a first attempt to classify the requirements with the objective of identifying the analysis that should be performed to verify the adherence of the developed software to each of the categories.
