http://dx.doi.org/10.5762/KAIS.2010.11.3.926

Framework of Security Development Method based on Component  

Hong, Jin-Keun (Division of Information Communication, Baekseok University)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society / v.11, no.3, 2010, pp. 926-930
Abstract
This paper presents a development framework required for developing component-based security systems. With the SDLC (system development life cycle) being applied to information systems, applying a DLC to information security products is required at this point in time. In this paper, we review the NIST requirement specification for development methods, the requirement criteria at each stage of the SDLC, and the major security guidelines for risk assessment. We also review the major security elements of the SDLC and, to aid understanding of the component-based security framework, present the relationship between security design and the DFD with respect to spoofing of an outside entity, based on the STRIDE threat tree.
Keywords
SDLC; Testing;
  • Reference
1 G. McGraw, B. Potter, "Software Security Testing", IEEE Security & Privacy, May 2004.
2 NIST, "Security Considerations in the Information SDLC", SP 800-64 Rev. 1, 2004.
3 Swiderski, Frank, and Window Snyder, Threat Modeling, Redmond, WA: Microsoft Press, 2004.
4 Yourdon, Ed. Just Enough Structured Analysis project. Chapter 9, "Data Flow Diagrams," http://www.yourdon.com/strucanalysis/chapters/ch9.html.
5 Open Source Vulnerability Database. Symlink Vulnerabilities, http://www.osvdb.org/searchdb.php?vuln_title=symlink, last updated January 31, 2006.
6 Miller, Barton P., "Fuzz Testing of Application Reliability," http://www.cs.wisc.edu/-bart/fuzz/fuzz.html, Dec. 2005.
7 KeyLength.com, "Cryptographic Key Length Recommendation," http://www.keylength.com.
8 Curphey, Araujo, "Web Application Security Assessment Tools", IEEE Security and Privacy archive, Volume 4, Issue 4, July 2006.