Towards Building Secure Software Systems

By Sodiya, A. S.; Onashoga, S. A. et al. | Issues in Informing Science & Information Technology, Annual 2006 | Go to article overview
Save to active project

Towards Building Secure Software Systems


Sodiya, A. S., Onashoga, S. A., Ajayi, O. B., Issues in Informing Science & Information Technology


Abstract

Software security breaches are now very extremely common and a larger percentage is caused by software design defects. Since individuals and organizations now completely depend on software systems for their day-to-day operations, it is then important to produce secure software products. This paper discusses the problems of producing secure software products and provides a model for improving software security. The model--Secure Software Development Model (SSDM), is unified model that integrates security engineering with software engineering so as to ensure effective production of secure software products. Supporting structure in form of laws is also presented to guide developers throughout the development process. We then present our experience that validates the model.

Keywords: Security breaches, Software system, Software security, Software design, Design defects

Introduction

Computer software systems are increasingly faced with both internal and external penetrations. One major reason for this is the fact that software systems are still with development defects which still make them to be vulnerable. This has brought issue of security into sharp focus because organisations, including governments, depend largely on software systems for their day-today operations. The case is even more sensitive in environments where software systems are used for critical missions. This is why building secure software is gaining attention of today's business world and researchers in field of security. In addition, because customers (organizations) have experienced unfortunate security incidence, there is increase awareness and agitation for secure software products.

However, in building secure software systems, a lot has to be done. Security techniques have to be implemented in all the stages of the software engineering. Devanbu and Stubblebine (2000) stated that security concerns must inform every phase of software development, from requirements to design, implementation, testing and deployment. This is necessary because software developer might unknowingly inject defects in all stages of the development process. Microsoft found out that 50% of software security problems were caused by design flaws (McGraw, 2003). Wilander and Gustavsson (2005) reported that, in 2004, more than new security vulnerabilities were found in commercial and open source software everyday. Jones (2000) reported the software benchmark studies conducted on hundreds of software projects and stated that the average specification, design, and implementation defects content of released software varies from 1 to 7 defects per thousand lines of new and changed code produced. Commonly computer systems are hacked by exploiting software bugs. Redwine and Davis, (2004) stated that no existing processes or practices have currently shown to consistently produce secure software. If there is no adequate security, the availability, reliability and safety of the software are not guaranteed.

Consequently, software development process must be carefully engineered and integrated with security requirements. Common development practices must change so as to produce software with few or no security weaknesses. The ultimate challenge for software engineers is then to develop software systems with desired quality, within the reasonable time and budget, and the software must be secure. Wilander and Gustavsson (2005) stated that to build more secure software, accurate and consistent security requirements must be specified. It is therefore important to continue to seek for ways of improving security of software systems. In this paper, we discuss the technical issues of software security and provided the model and support for improving software security.

The rest of this paper is organized as follows. The next section presents review of existing literature in software security. Software security issues are presented after that, followed by a discussion of the architecture for improving security of software systems.

The rest of this article is only available to active members of Questia

Sign up now for a free, 1-day trial and receive full access to:

  • Questia's entire collection
  • Automatic bibliography creation
  • More helpful research tools like notes, citations, and highlights
  • Ad-free environment

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
Loading One moment ...
Project items
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

Cited article

Towards Building Secure Software Systems
Settings

Settings

Typeface
Text size Smaller Larger
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

While we understand printed pages are helpful to our users, this limitation is necessary to help protect our publishers' copyrighted material and prevent its unlawful distribution. We are sorry for any inconvenience.
Full screen

matching results for page

Cited passage

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

Cited passage

Welcome to the new Questia Reader

The Questia Reader has been updated to provide you with an even better online reading experience.  It is now 100% Responsive, which means you can read our books and articles on any sized device you wish.  All of your favorite tools like notes, highlights, and citations are still here, but the way you select text has been updated to be easier to use, especially on touchscreen devices.  Here's how:

1. Click or tap the first word you want to select.
2. Click or tap the last word you want to select.

OK, got it!

Thanks for trying Questia!

Please continue trying out our research tools, but please note, full functionality is available only to our active members.

Your work will be lost once you leave this Web page.

For full access in an ad-free environment, sign up now for a FREE, 1-day trial.

Already a member? Log in now.

Are you sure you want to delete this highlight?