Security-aware software development life cycle (SaSDLC): processes and tools

Authors:
Asoke K. Talukder;Vineet Kumar Maurya;Babu G. Santhosh;Jangam Ebenezer;Sekhar V. Muni;K. P. Jevitha;Saurabh Samanta;Alwyn Roshan Pais
Affiliations:
Information Security Lab, Department of Computer Engineering, National Institute of Technology Karnataka, Surathkal;Information Security Lab, Department of Computer Engineering, National Institute of Technology Karnataka, Surathkal;Information Security Lab, Department of Computer Engineering, National Institute of Technology Karnataka, Surathkal;Information Security Lab, Department of Computer Engineering, National Institute of Technology Karnataka, Surathkal;Information Security Lab, Department of Computer Engineering, National Institute of Technology Karnataka, Surathkal;Information Security Lab, Department of Computer Engineering, National Institute of Technology Karnataka, Surathkal;Information Security Lab, Department of Computer Engineering, National Institute of Technology Karnataka, Surathkal;Information Security Lab, Department of Computer Engineering, National Institute of Technology Karnataka, Surathkal
Venue:
WOCN'09 Proceedings of the Sixth international conference on Wireless and Optical Communications Networks
Year:
2009

Citing 3
Cited 2

Threat Modeling

Threat Modeling
Eliciting security requirements with misuse cases

Requirements Engineering
Architecting Secure Software Systems

Architecting Secure Software Systems

Security & scalability architecture for next generation internet services

IMSAA'09 Proceedings of the 3rd IEEE international conference on Internet multimedia services architecture and applications
Availability state transition model

ACM SIGSOFT Software Engineering Notes

Quantified Score

Hi-index	0.00

Visualization

Abstract

Today an application is secured using invitro perimeter security. This is the reason for security being considered as nonfunctional requirement in Software Development Life Cycle (SDLC). In Next Generation Internet (NGI), where all applications will be networked, security needs to be in-vivo; security must be functions within the application. Applications running on any device, be it on a mobile or on a fixed platform - need to be security-aware using Security-aware Software Development Life Cycle (SaSDLC), which is the focus of this paper. We also present a tool called Suraksha that comprises of Security Designers' Workbench and Security Testers' Workbench that helps a developer to build Security-aware applications.