Decision support for managing security complexity in software development
Date
2010-01-26T17:06:10Z
Authors
Church, Derek Kenneth
Abstract
Security in software applications is a growing concern. This is evidenced by the increasing number of media articles detailing the money lost and the invasions of privacy that occur when the security vulnerabilities of a software application are exploited.
As a new and rapidly evolving field, security in software is still an open area of research. The most common methods are either A) a reactive survey in which a subjective determination is made of the level of security present in the finished software, or B) an attempt to integrate security concerns into the software development process itself. The latter is the less costly and arguably more effective approach. However, current approaches rely heavily on the presence of experts in the security domain to both identify and resolve the issues. Such experts are not available for every software development project, which creates a problem for a project team that needs to inject security into its process.
This thesis presents an approach to constructing a decision-support tool for injecting security into an existing process model. The current literature on software security is examined, and the information gleaned from it is used to construct a security ontology using grounded theory. A framework is then created that maps onto existing software process models, and the framework is loaded with information from the ontology. A practical analysis using the framework is carried out on the TAPAS project in order to revise the tool, with the goal of increasing its usability. The same analysis is also used to determine whether the tool can identify areas of opportunity with regard to security in the TAPAS project.
Keywords
software, development, computer security