• Title/Summary/Keyword: Secure Software Development Methodology

A Study of Web Application Development Method for Secure Coding Approach Based on SDLC Steps (SDLC 설계절차에 기반한 웹 애플리케이션 시큐어코딩 접근방법 연구)

  • Noh, Si Choon
    • Convergence Security Journal / v.12 no.6 / pp.93-99 / 2012
  • In application development, challenges such as development time, error-free quality, adaptability to frequent maintenance, and the need for large and complex software have been raised. When developing web applications, quality aspects such as software reusability, reliability, scalability, and simplicity have traditionally not been taken into account. In this situation, a new methodology is needed because traditional development methodologies are limited in solving these quality problems. Application quality goals cannot be achieved unless the application logic, data, and architecture are addressed across the entire area with a separate methodology. Focusing on secure coding, a major issue, this study proposes a web application architecture design procedure that deals with the factors behind web application security vulnerabilities. The proposal is a web application architecture design process based on the ISO/IEC 9000 series.

A Systematic Literature Review on Secure Software Development using Feature Driven Development (FDD) Agile Model (기능주도개발 Agile 방법을 사용할 때의 안전한 소프트웨어 개발에 관한 문헌연구)

  • Arbain, Adila Firdaus;Ghani, Imran;Jeong, Seung Ryul
    • Journal of Internet Computing and Services / v.15 no.1 / pp.13-27 / 2014
  • Agile methodologies have gained recognition as efficient development processes through their quick delivery of software, even under time constraints. However, like other agile methods such as Scrum, Extreme Programming (XP) and the Dynamic Systems Development Method (DSDM), Feature Driven Development (FDD) has been criticized due to the unavailability of security elements in its twelve practices. In order to examine this matter more closely, we conducted a systematic literature review (SLR) and studied literature for the years 2001-2012. Our findings highlight that, in its current form, the FDD model partially supports the development of secure software. However, there is little research on this topic, as detailed information about the usage of secure software is rarely published. Thus, we have been able to conclude that the existing five phases of FDD have not been enough to develop secure software until recently. For this reason, a security-based phase and practices in FDD need to be proposed.

How to Combine Secure Software Development Lifecycle into Common Criteria (CC에서의 소프트웨어 개발보안 활용에 대한 연구)

  • Park, Jinseok;Kang, Heesoo;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.1 / pp.171-182 / 2014
  • Common Criteria is a scheme that minimizes IT products' vulnerabilities in accordance with the evaluation assurance level. SSDLC (Secure Software Development Lifecycle) is a methodology that reduces the weaknesses in the software development life cycle that can give rise to vulnerabilities. However, Common Criteria does not consider the vulnerabilities of certified IT products after certification. This can cause problems for the safety and reliability of IT products. In addition, the developer and the evaluator bear the burden of duplicate evaluations of IT products that are introduced into government business, because they must satisfy both Common Criteria and SSDLC. Thus, we researched the relationship among the Common Criteria, the static code analysis tools, and the SSDLC. We then proposed how to combine SSDLC into Common Criteria.

A Study of Quality-based Software Architecture Design Model under Web Application Development Environment (품질기반 웹 애플리케이션 개발을 위한 소프트웨어아키텍쳐 설계절차 예제 정립)

  • Moon, Song Chul;Noh, Si Choon
    • Convergence Security Journal / v.12 no.4 / pp.115-122 / 2012
  • In application development, challenges such as development time, error-free quality, adaptability to frequent maintenance, and the need for large and complex software have been raised. When developing web applications, quality aspects such as software reusability, reliability, scalability, and simplicity have traditionally not been taken into account. In this situation, a new methodology is needed because traditional development methodologies are limited in solving these quality problems. Application quality goals cannot be achieved unless the application logic, data, and architecture are addressed across the entire area with a separate methodology. Focusing on secure coding, a major issue, this study proposes a web application architecture design procedure that deals with the factors behind web application security vulnerabilities. The proposal is a web application architecture design process based on the ISO/IEC 9000 series.

Security Policy Issue in Application Software Development Process of Smart Phone Environment (스마트폰 환경의 응용 소프트웨어 개발과정에서 보안정책 이슈)

  • Hong, Jin-Keun
    • Journal of Digital Convergence / v.10 no.10 / pp.319-324 / 2012
  • Application software developed in a smartphone environment is built according to a system development methodology. This paper presents the security considerations required for major application programs developed in a smartphone environment. First it reviews security issues in application programs, and then it considers security policy for secure application programs.

A Study on Security Requirements Specification in an Object-Oriented Development Environment (객체지향 개발환경에서의 보안 요구사항명세에 관한 연구)

  • Kim, Gi-Han;Chae, Soo-Young;Choi, Myeong-Ryeol;Park, Sang-Seo
    • Convergence Security Journal / v.5 no.3 / pp.67-73 / 2005
  • Security requirements must be defined well in the requirement specification phase to reduce software vulnerabilities. In this paper, we show how to specify security requirements in a structured manner for an object-oriented development methodology. Our method specifies security requirements through four phases: defining security objectives, identifying the threat, constructing an attack tree, and specifying security functions. This method would help developers to specify, clearly and systematically, the security requirements and functions that software has to possess.

SW Convergence Strategy in Manufacturing/Service Industry : Software and Systems Product Line(SSPL) (제조/서비스 산업의 소프트웨어 융복합 전략 : 소프트웨어 및 시스템 프로덕트라인(SSPL))

  • Lee, Jihyun;Kee, Chang Jin;Kim, Deogtae;Kim, Changsun;Choi, Jongsup;Lee, Danhyung
    • Journal of Information Technology Services / v.11 no.4 / pp.295-308 / 2012
  • Software and Systems Product Line (SSPL) is a paradigm that has been developed and applied by the European Union (EU) to achieve the productivity and competitiveness of EU industries on the world market. It is not just a simple system or software development methodology, but a sophisticated technology requiring capabilities for a high level of mass customization, platforms, processes and convergence of software and systems. The EU has applied SSPL to five selected industrial sectors, namely aerospace, automobile, medical equipment, consumer electronics and telecommunication equipment, since the 1990s, and from 2006 led the way in stimulating the application of SSPL in other industry sectors. In order for Korea to secure competitiveness in the manufacturing and service industries in the competitive borderless market, it is essential to gain a high level of capabilities for software development and convergence of software and systems. SSPL can be a powerful means to achieve this end. This paper discusses the paradigmatic concept of SSPL, how the EU's major industries and companies have secured competitiveness through SSPL, key capabilities that are necessary for successful institutionalization of SSPL in Korea, and finally suggestions on core strategies to materialize the benefits of SSPL for Korea.

A Study on an Operational Optimization Algorithm of Software Basic Education (소프트웨어 기초 교육의 최적 운영 알고리즘에 관한 연구)

  • Goo, Eun-Hee;Woo, Chan-Il
    • Journal of the Korea Academia-Industrial cooperation Society / v.20 no.2 / pp.587-592 / 2019
  • The importance of software technologies is becoming more prominent because of the competition to secure a competitive edge in software, which has been intensified since the emergence of smartphones and IoT. Thus, to assure the initiative in the global software industry and to foster superior human resources, there is a growing need for outstanding software development professionals. This paper analyzes the factors that affect the basic perception of software, the need for software development, and the enhancement of software coding ability based on a compulsory software class, which aims to increase the workforce of the converged software industry. The analysis shows that among other technical practices to enhance coding ability, learner-centered technical contents showed the most positive effect regarding the recognition and motive of development and are an essential factor in improving coding skills. The findings indicate that the need for program development and active involvement in the development of the program are the most important factors in improving the practical ability. The analysis presents meaningful results by suggesting a methodology for improving software development capabilities.

CIA-Level Driven Secure SDLC Framework for Integrating Security into SDLC Process (CIA-Level 기반 보안내재화 개발 프레임워크)

  • Kang, Sooyoung;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.5 / pp.909-928 / 2020
  • From the early 1970s, the US government began to recognize that penetration testing could not assure the security quality of products. Results of penetration testing, such as identified vulnerabilities and faults, can vary depending on the capabilities of the team. In other words, none of the penetration teams can assure that "vulnerabilities are not found" is not equal to "product does not have any vulnerabilities". So the US government realized that in order to improve the security quality of products, the development process itself should be managed systematically and strictly. Therefore, from the 1980s the US government began to publish various standards related to the development methodology and evaluation procurement system embedding the "security-by-design" concept. Security-by-design means reducing a product's complexity by considering security from the initial phases of the development lifecycle, such as the product requirements analysis and design phases, to ultimately achieve trustworthiness of the product. The security-by-design concept has spread to the private sector since 2002 under the name of Secure SDLC by Microsoft and IBM, and is currently being used in various fields such as automotive and advanced weapon systems. However, the problem is that it is not easy to implement in the actual field because the standards or guidelines related to Secure SDLC contain only abstract and declarative contents. Therefore, in this paper, we present a new framework in order to specify the level of Secure SDLC desired by enterprises. Our proposed CIA (functional Correctness, safety Integrity, security Assurance)-level-based security-by-design framework combines the evidence-based security approach with the existing Secure SDLC. Using our methodology, first, we can quantitatively show the gap in Secure SDLC process level between a competitor and the company. Second, it is very useful when you want to build Secure SDLC in the actual field because you can easily derive detailed activities and documents to build the desired level of Secure SDLC.

An Object-Oriented Analysis and Design Methodology for Secure Database Design -focused on Role Based Access Control- (안전한 데이터베이스 설계를 위한 객체지향 분석·설계 방법론 -역할기반 접근제어를 중심으로-)

  • Joo, Kyung-Soo;Woo, Jung-Woong
    • Journal of the Korea Society of Computer and Information / v.18 no.6 / pp.63-70 / 2013
  • In accordance with the advancement of IT, application systems with various and complex functions are being required. Such application systems are typically built on a database in order to manage data efficiently. But most object-oriented analysis and design methodologies for developing web application systems have not provided interconnections with the database. As requirements regarding security issues have increased, the importance of security has been emphasized. However, since security is usually considered at the last step of development, it is difficult to apply security during the whole process of system development, from requirement analysis to implementation. Therefore, this paper suggests an object-oriented analysis and design methodology for secure database design from requirement analysis to implementation. This object-oriented analysis and design methodology for secure database design offers correlations with the database that most existing object-oriented analysis and design methodologies could not provide. It also uses UMLsec, the modeling language, to apply security to database design. In addition, in order to implement security, the RBAC (Role Based Access Control) of the relational database is used.