1 |
L. Sion, et al, "Solution-aware data flow diagrams for security threat modeling", Proceedings of the 33rd Annual ACM Symposium on Applied Computing. pp. 1425-1432, Apr. 2018.
|
2 |
P. Frijns, R. Bierwolf and T. Zijderhand, "Reframing security in contemporary software development life cycle", 2018 IEEE International Conference on Technology Management, Operations and Decisions (ICTMOD), pp. 230-236, Nov. 2018.
|
3 |
H. Aranha, et al, "Securing Mobile e-Health Environments by Design: A Holistic Architectural Approach", 2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 1-6, Oct. 2019.
|
4 |
K. M. Kaariainen, "Improving security in software development process: Case Tieto AS", MS Thesis, South-Eastern Finland University of Applied Sciences, May 2019.
|
5 |
M. T. Baldassarre, et al, "Privacy oriented software development", International Conference on the Quality of Information and Communications Technology, pp. 18-32, Aug. 2019.
|
6 |
P. Siddhanti, P. M. Asprion and B. Schneider, "Cybersecurity by Design for Smart Home Environments", Proceedings of the 21st International Conference on Enterprise Information Systems (ICEIS), pp. 587-595, 2019.
|
7 |
S. Ramalingan, et al, "A Holistic Systems Security Approach Featuring Thin Secure Elements for Resilient IoT Deployments", Sensors, vol.20, no.18, pp. 5252, Sep. 2020.
|
8 |
S. Evangelou, "Auditing and extending security features of IoT platforms", Diploma Thesis, University of Thessaly, Jul. 2020.
|
9 |
M. Howard and S. Lipner, "The Security Development Lifecycle - SDL: A Process for Developing Demonstrably More Secure Software", Microsoft Press, May 2006.
|
10 |
T. M. Mir, et al, "Threat analysis and modeling during a software development lifecycle of a software application", U.S. Patent No 8,091,065, 2012.
|
11 |
V. John and M. Gary, "Building Secure Software: How to Avoid Security Problems the Right Way", Addison-Wesley, Aug. 2001.
|
12 |
R. Egan, et al, "Cyber operational risk scenarios for insurance companies", British Actuarial Journal, vol. 24, Feb. 2019.
|
13 |
V. Casola, et al, "A novel Security-by-Design methodology: Modeling and assessing security by SLAs with a quantitative approach", Journal of Systems and Software, vol.163, May 2020.
|
14 |
M. Bendel, "An Introduction to Department of Defense IA Certification and Accreditation Process (DIACAP)", 2006.
|
15 |
A. Kott, J. Ludwig and M. Lange, "Assessing mission impact of cyberattacks: toward a model-driven paradigm", IEEE Security & Privacy, vol.15, no.5, pp. 65-74, Oct. 2017.
|
16 |
A. Sanchez-Gomez, J. Diaz and D. Arroyo, "Combining usability and privacy protection in free-access public cloud storage servers: review of the main threats and challenges", arXiv preprint arXiv:1610.08727, 2016.
|
17 |
S. Harrison, et al, "A security evaluation framework for UK e-goverment services agile software development", arXiv preprint arXiv:1604.02368, Apr. 2016.
|
18 |
E. Chen, et al, "Designing security into software during the development lifecycle", U.S. Patent Application No 13/619,581, 2013.
|
19 |
Hyunsuk Cho, Sungyong Cha and Seungjoo Kim, "A Case Study on the Application of RMF to Domestic Weapon System", Journal of The Korea Institute of Information Security & Cryptology, 29(6), pp. 1463-1475, Dec. 2019.
|
20 |
Jiseop Lee, et al, "Research for construction Cybersecurity Test and Evaluation of Weapon System", Journal of The Korea Institute of Information Security & Cryptology, 28(3), pp. 765-774, Jun. 2018.
|
21 |
NIST, "Standards for Security Categorization of Federal Information and Information Systems", FIPS 199, 2004.
|
22 |
NIST, "Guide for Conducting Risk Assessments", NIST SP 800-30, 2012.
|
23 |
M. A. Amutio, J. Candau, and J. A. Manas, "MAGERIT-version 3.0 Methodology for Information Systems Risk Analysis and Management, Ministry of Finance and Public Administration", Jul. 2014.
|
24 |
W. Hassan, et al, "Latest trends, challenges and solutions in security in the era of cloud computing and software defined networks", Int J Inf & Commun Technol ISSN, vol.2252, no.8776, 2019.
|
25 |
H. Rygge and A. Josang, "Threat poker: solving security and privacy threats in agile software development", Nordic Conference on Secure IT Systems, pp. 468-483, Nov. 2018.
|
26 |
W. Douglas and R. Simon, "Applying Secure Software Engineering (SSE) Practices to Critical Space System Infrastructure Development", In: 14th International Conference on Space Operations, pp. 2392, 2016.
|
27 |
B. J. Greer, "Cybersecurity For Healthcare Medical Devices", PhD Thesis, Utica College, May 2018.
|
28 |
J. Wynn, et al, "Threat Assessment & Remediation Analysis (TARA)", MITRE, Oct. 2011.
|
29 |
B. Naqvi and A. Seffah, "A methodology for aligning usability and security in systems and services", 2018 3rd International Conference on Information Systems Engineering (ICISE), pp. 61-66, May 2018.
|
30 |
L. J. Moukahal, M. A. Elsayed and M. Zulkernine, "Vehicle Software Engineering (VSE): Research and Practice", IEEE Internet of Things Journal, vol. 7, no. 10, pp. 10137-10149, Jun. 2020.
|
31 |
F. Nabi, J. Yong and X. Tao, "Classification of logical vulnerability based on group attacking method", Journal of Ubiquitous Systems & Pervasive Networks, vol.14, no.1, pp. 19-26, 2021.
|
32 |
Jin-Keun Hong, "Component Analysis of DevOps and DevSecOps", Journal of the Korea Convergence Society, 10(9), pp. 47-53, Sep. 2019.
|
33 |
A. Sanchez-Gomez, et al, "Review of the main security threats and challenges in free-access public cloud storage servers", Computer and Network Security Essentials. Springer, pp. 263-281, Aug. 2018.
|
34 |
N. Alhirabi, O. Rana and C. Perera, "Designing Security and Privacy Requirements in Internet of Things: A Survey", arXiv preprint arXiv:1910.09911, Oct. 2019.
|
35 |
K. Chermana, H. Pemmaiah, "Cleansing Legacy Data for GDPR Compliance: A Case Study", PhD Thesis, Auckland University of Technology, 2019.
|
36 |
J. Geismann and E. Bodden, "A systematic literature review of model-driven security engineering for cyber-physical systems", Journal of Systems and Software, vol. 169, Nov. 2020.
|
37 |
E. A. Wanniarachchi, "Program security evaluation using dynamic disassembly of machine instructions in virtualized environments", PhD Thesis, 2016.
|
38 |
M. M. Jakeri and M. F. Hassan, "A Review of Factors Influencing the Implementation of Secure Framework for in-House Web Application Development in Malaysian Public Sector", 2018 IEEE Conference on Application, Information and Network Security (AINS), pp. 99-104, Nov. 2018.
|
39 |
H. F. Atlam, et al, "Internet of Things Forensics: A Review", Internet of Things, vol.11, May 2020.
|
40 |
J. Heilmann, "Application Security Review Criteria for DevSecOps Processes", MS Thesis, Lulea University of Technology, Jun. 2020.
|
41 |
Sungyong Cha, et al, "Security evaluation framework for military iot devices", Security and Communication Networks, vol. 2018, pp. 1-12, May 2018.
|
42 |
M. Kern, et al, "A Cybersecurity Risk Assessment Process for Model Based Industry 4.0 Development", 23rd World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI), 2019.
|
43 |
M. W. Meersman, "Developing a Cloud Computing Risk Assessment Instrument for Small to Medium Sized Enterprises: A Qualitative Case Study Using a Delphi Technique", PhD Thesis, Northcentral University, May 2019.
|
44 |
A. Hudic, et al, "Towards a unified secure cloud service development and deployment life-cycle", 2016 11th International Conference on Availability, Reliability and Security (ARES), pp. 428-436, Aug. 2016.
|
45 |
C. J. D'Orazio, et al, "A Markov adversary model to detect vulnerable iOS devices and vulnerabilities in iOS apps", Applied Mathematics and Computation, vol. 293, pp. 523-544, Jan. 2017.
|
46 |
M. Alenezi and S. Almuairfi, "Essential activities for Secure Software Development", International Journal of Software Engineering & Applications (IJSEA), vol. 11, no. 2, Mar. 2020.
|
47 |
S. A. Ehikioya, E. Guillemot, "A critical assessment of the design issues in e-commerce systems development", Engineering Reports, vol.2, no.4, Mar. 2020.
|
48 |
T. Pavleska, et al, "Cybersecurity Evaluation of Enterprise Architectures: The e-SENS Case", IFIP Working Conference on The Practice of Enterprise Modeling, pp. 226-241, Nov. 2019.
|
49 |
P. De Cremer, et al, "Sensei: Enforcing secure coding guidelines in the integrated development environment", Software: Practice and Experience, vol.50, no.9, pp. 1682-1718, Jun. 2020.
|
50 |
DoD, "Risk Management Framework (RMF) for DoD Information Technology (IT)", DoDI 8510.01, 2014.
|
51 |
F. Y. Akeel, "Secure data integration systems", PhD Thesis, University of Southampton, Oct. 2017.
|
52 |
S. Lipke, "Building a secure software supply chain using docker", MS Thesis, Hochschule der Medien, 2017.
|
53 |
A. Schaad and T. Reski, "Open Weakness and Vulnerability Modeler (OVVL) - An Updated Approach to Threat Modeling", Proceedings of the 16th International Joint Conference on e-Business and Telecommunications, pp. 417-424, Jan. 2019.
|
54 |
Microsoft, "Security Development Lifecycle - SDL Process Guidance Version 5.2", 2012.
|
55 |
NIST, "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy", NIST SP 800-37, 2018.
|
56 |
NIST, "Security Considerations in the System Development Life Cycle", NIST SP 800-64 Revision 2, 2019.
|
57 |
E. Venson, et al, "Costing secure software development: A systematic mapping study", Proceedings of the 14th International Conference on Availability, Reliability and Security, pp. 1-11, Aug. 2019.
|
58 |
E. Zheng, J. Kao and B. He, "Automated secure software development management, risk assessment, and risk remediation", U.S. Patent No 10,740,469, 2020.
|
59 |
CNSS, "Security Categorization and Control Selection for National Security Systems", CNSSI 1253, 2009.
|
60 |
V. K. Mishra, "Blockchain for Cybersecurity-Standards & Implications", Cybernomics, vol.1, no.5, pp. 11-15, Dec. 2019.
|
61 |
J. Jaskolka, "Recommendations for Effective Security Assurance of Software-Dependent Systems", Science and Information Conference, pp. 511-531, Jul. 2020.
|
62 |
J. Nguyen and M. Dupuis, "Closing the Feedback Loop Between UX Design, Software Development, Security Engineering, and Operations", Proceedings of the 20th Annual SIG Conference on Information Technology Education, pp. 93-98, Sep. 2019.
|
63 |
E. Venson, et al, "The Impact of Software Security Practices on Development Effort: An Initial Survey", 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), pp. 1-12, Sep. 2019.
|
64 |
M. Zarour, M. Alenezi and K. Alsarayrah, "Software Security Specifications and Design: How Software Engineers and Practitioners Are Mixing Things up", Proceedings of the Evaluation and Assessment in Software Engineering, pp. 451-456, Apr. 2020.
|
65 |
E. Venson, "The effects of required security on software development effort", Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering: Companion Proceedings, pp. 166-169, Jun. 2020.
|
66 |
R. Kumar and R. Goyal, "Assurance of data security and privacy in the cloud: A three-dimensional perspective", Software Quality Professional, vol. 21, no.2, pp. 7-26, Mar. 2019.
|
67 |
A. Jurcut, et al, "Security Considerations for Internet of Things: A Survey", SN Computer Science, vol.1, no.193, pp. 1-19, Jun. 2020.
|
68 |
S. Evangelou and C. Akasiadis, "Security Assessment in IoT Ecosystems", 2020.
|
69 |
Sungyong Cha, Seungsoo Baek and Seungjoo Kim, "Blockchain Based Sensitive Data Management by Using Key Escrow Encryption System From the Perspective of Supply Chain", IEEE Access, vol.8, pp. 154269-154280, Aug. 2020.
|
70 |
Sooyoung Kang and Seungjoo Kim, "CIA-Level Driven Secure SDLC Framework for Integrating Security into SDLC Process", Journal of The Korea Institute of Information Security & Cryptology, 30(5), pp. 909-928, Aug. 2020.
|
71 |
T. Pavleska, et al, "Drafting a Cybersecurity Framework Profile for Smart Grids in EU: A Goal Based Methodology", European Dependable Computing Conference, pp. 143-155, Aug. 2020.
|
72 |
L. David, "DREADful", Microsoft, Aug. 2007.
|
73 |
A. Van den Berghe, et al, "Design notations for secure software: a systematic literature review", Software & Systems Modeling, vol.16, no.3, pp. 809-831, Aug. 2017.
|
74 |
R. Buijtenen and T. Rangnau, "Continuous Security Testing: A Case Study on the Challenges of Integrating Dynamic Security Testing Tools in CI/CD", 17th SC@ RUG, 2019.
|
75 |
A. Johannsen, D. Kant and R. Creutzburg, "Measuring IT security, compliance and data governance within small and medium-sized IT enterprises", Electronic Imaging, vol. 252, pp. 1-11, 2020.
|
76 |
ISO, "Evaluation criteria for IT security (CC)", ISO/IEC 15408, 2009.
|
77 |
NIST, "Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories", NIST SP 800-60, 2008.
|
78 |
NIST, "Security and Privacy Controls for Information Systems and Organizations", NIST SP 800-53, 2020.
|
79 |
DoD, "DoD Program Manager's Guidebook for Integrating the Cybersecurity Risk Management Framework into the System Acquisition Lifecycle", 2015.
|