Abstract
Usually if an application system requires some security features, these are either not available at all, or are incorporated by means of other software products. The security features offered by these security products are usually very limited, in the sense that the application system designer has to rely on the underlying platform’s security measures, or add security features needed by the application system. This means that security is not considered until the operational requirements have been defined and the system is well into the implementation stage. This approach towards application system development poses a problem, since it is seldom possible to provide a good level of security on a retrofit basis, or in parallel but separate from the functional design. To overcome this problem, the security aspects associated with the development of an application system should be considered during the definition of user requirements and incorporated into the system during the design stages. This paper presents a methodology that addresses security requirements as part of system development, while simultaneously considering other functional requirements.
Chapter PDF
Similar content being viewed by others
References
Muftic S, Hatunic E, “CISS: Generalized Security Libraries”, Computers & Security (11), 1992.
Baskerville R, “Designing Information Systems Security”, Addison-Wesley Publications, 1983.
Baskerville R, “Information Systems Security Design Methods: Implications for Information Systems Development”, ACM Computing Surveys (25) 4, December 1993.
Cresson Wood C, “Principles of Secure Information systems design with groupware examples”, Computers & Security (12), 1993.
Ettinger JE, “Information Security”, Chapman & Hall, 1993.
Boehm BW, “A Spiral model of Software Development and Enhancement”, ACM SIGSOFT Software Engineering Notes (11) 4, 1986.
Boehm BW, “Applying process programming to the Spiral model”, Proceedings of the 4th International Software Process Workshop, 1988.
Pfleeger CP, “Security in Computing”, Prentice-Hall International, 1988.
Tompkins FG, Rice R, “Integrating Security Activities into the Software Development Life Cycle and the Software Quality Assurance Process”, Computers & Security 5 (5), 1986.
Denning DE, “Cryptography and Data Security”, Addison-Wesley Publishing Company, 1983.
Denning DE, “A Lattice Model of Secure Information Flow”, Communications of the ACM, 1976.
Lipton RJ, Snyder L, “A Linear Time Algorithm for Deciding Subject Security”, Journal of the Association for Computing Machinery, 24 (3), 1977.
Booysen HAS, Eloff JHP, “Classification of objects for improved access control”, Submitted for publication in Computers & Security.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1995 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Booysena, H.A.S., Eloff, J.H.P. (1995). A Methodology for the development of secure Application Systems. In: Eloff, J.H.P., von Solms, S.H. (eds) Information Security — the Next Decade. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-34873-5_20
Download citation
DOI: https://doi.org/10.1007/978-0-387-34873-5_20
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2910-7
Online ISBN: 978-0-387-34873-5
eBook Packages: Springer Book Archive