Decision support for managing security complexity in software development

dc.contributor.author Church, Derek Kenneth
dc.date.accessioned 2010-01-26T17:06:10Z
dc.date.available 2010-01-26T17:06:10Z
dc.date.copyright 2006 en
dc.date.issued 2010-01-26T17:06:10Z
dc.identifier.uri http://hdl.handle.net/1828/2108
dc.description.abstract Security in software applications is a growing concern. This is evidenced by the increasing number of media articles, which detail money lost and the invasion of privacy that occurs, when the security vulnerabilities of a software application are exploited. As a new and rapidly evolving field, the issue of security in software is still an open area of research. The most common methods consist either of A) a reactive survey where subjective determination is made of the level of security present in the software or B) an attempt to integrate security issues into the software development process. The least costly and arguably more effective approach is the latter. However, current approaches rely heavily on the presence of experts in the domain of security to both identify and resolve the issues. Such experts are not always available for each software development project, creating a problem for a project team needing to inject security into their process. This thesis represents an approach for realizing the construction of a decision-support tool for injecting security into an existing process model. Current literature involving security is examined, and the information gleaned is used to construct a security ontology using grounded theory. A framework is then created that maps into existing software process models and the framework loaded with information from the ontology. A practical analysis using the framework is done by examining the TAPAS project in order to revise the tool, with the goal of increasing usability. This analysis is also used to determine if the tool can identify areas of opportunity with regard to security in the TAPAS project. en
dc.language English eng
dc.language.iso en en
dc.rights Available to the World Wide Web en
dc.subject software en
dc.subject development en
dc.subject computer security en
dc.subject.lcsh UVic Subject Index::Sciences and Engineering::Applied Sciences::Computer science en
dc.title Decision support for managing security complexity in software development en
dc.type Thesis en
dc.contributor.supervisor Jahnke, Jens H.
dc.degree.department Dept. of Computer Science en
dc.degree.level Master of Science M.Sc. en
