Idea: Interactive Support for Secure Software Development

Cited by: 0
Authors
Xie, Jing [1]
Chu, Bill [1]
Lipford, Heather Richter [1]
Affiliation
[1] Univ N Carolina, Dept Software & Informat Syst, Ctr Cyber Def & Network Assurance, Charlotte, NC 28223 USA
Source
Keywords
security software development; secure programming; code refactoring; code annotation; ERRORS;
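DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract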
Security breaches are often caused by software bugs, which may frequently be due to developers' memory lapses, lack of attention/focus, and knowledge gaps. Developers have to contend with heavy cognitive loads to deal with issues such as functional requirements, deadlines, security, and runtime performance. We propose to integrate secure programming support seamlessly into Integrated Development Environments (IDEs) in order to help developers cope with their heavy cognitive load and reduce security errors. As proof of concept, we developed a plug-in for Eclipse's Java development environment. Developers will be alerted to potential secure programming concerns, such as input validation, data encoding, and access control as well as encouraged to comply with secure coding standards.
Pages: 248 / 255
Page count: 8