Incorporating Security into Software Development Process

A general scheme of software development process is considered and some aspects related to integrating security into this scheme are analyzed. In particular, semantic-based, defense-in-depth techniques embedded into system/component defense shields and data acquiring/monitoring kernels are considered. The defense shields are to semantically check data of every input before a software component may process them and also to check every output before sending it to other components. The kernels are to regularly perform semantic analysis of the internal status and local data of a component/system. Based on these two ideas, real-time discovery of Vulnerabilities and threats is possible even when various protective measures, such as, passwords, firewalls, intrusion detection systems, access control lists, etc. have been breached. Existing programming systems and possible new methods to realize the shields and kernels are also considered.