Abstract
An increasing number of security attacks on software has motivated the need to include secure development practices within the software development life cycle. Given this urgent need, software security management systems have received considerable attention, and various efforts can be found in this direction. In this paper, we highlight the need to include application context-sensitive modeling within the case-based software security management system proposed by the authors in [3]. We therefore extend the previous work [3] to include application context modeling. The proposed idea constructs software security models using an application context.
References
Abunadi, I., Alenezi, M.: An empirical investigation of security vulnerabilities within web applications. J. UCS 22(4), 537–551 (2016)
Hakon, P., Ardi, M.S., Jensen, J., Rios, E., Sanchez, T., Shahmehri, N., Tondel, I.A.: An architectural foundation for security model sharing and reuse. In: Proceedings of ARES 2009, pp. 823–828 (2009)
Saito, M., Hazeyama, A., Yoshioka, N., Kobashi, T., Washizaki, H., Kaiya, H., Ohkubo, T.: A case-based management system for secure software development using software security knowledge. Proc. Comput. Sci. 60, 1092–1100 (2015)
Wen, S.F., Katt, B.: An ontology-based context model for managing security knowledge in software development. In: Proceedings of the 23rd Conference of Open Innovations Association FRUCT, pp. 56 (2018)
Baldauf, M., Dustdar, S., Rosenberg, F.: A survey on context-aware systems. Int. J. Ad Hoc Ubiquitous Comput. 2(4), 263–277 (2007)
Habib, K., Leister, W.: Context-aware authentication for the internet of things. In: Eleventh International Conference on Autonomic and Autonomous Systems, pp. 134–139 (2015)
Park, S.H., Han, Y.J., Chung, T.M.: Context-aware security management system for pervasive computing environment. In: International and Interdisciplinary Conference on Modeling and Using Context, pp. 384–396. Springer, Heidelberg (2007)
Kim, D., Kim, S.K., Jung, W., Hong, J.E.: A context-aware architecture pattern to enhance the flexibility of software artifacts reuse. In: Park, J., Pan, Y., Yi, G., Loia, V. (eds.) Advances in Computer Science and Ubiquitous Computing. UCAWSN 2016, CUTE 2016, CSA 2016. Lecture Notes in Electrical Engineering, vol. 421. Springer, Singapore (2016)
Salini, P., Kanmani, S.: Ontology-based representation of reusable security requirements for developing secure web applications. Int. J. Internet Technol. Secured Transact. 5(1), 63–83 (2013)
Kang, W., Liang, Y.: A security ontology with MDA for software development. In: 2013 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, pp. 67–74. IEEE (2013)
Guo, M., Wang, J.A.: An ontology-based approach to model common vulnerabilities and exposures in information security. In: ASEE Southeast Section Conference (2009)
Marques, M., Ralha, C.G.: An ontological approach to mitigate risk in web applications. In: Proceedings of SBSeg (2014)
Razzaq, A.: Ontology for attack detection: an intelligent approach to web application security. Comput. Secur. 45, 124–146 (2014)
Covington, M.J., Fogla, P., Zhan, Z., Ahamad, M.: A context-aware security architecture for emerging applications. In: 18th Annual Computer Security Applications Conference 2002, pp. 249–258. IEEE (2002)
Hu, J., Weaver, A.C.: A dynamic, context-aware security infrastructure for distributed healthcare applications. In: Proceedings of the First Workshop on Pervasive Privacy Security, Privacy, and Trust, pp. 1–8 (2004)
Park, S.H., Han, Y.J., Chung, T.M.: Context-role based access control for context-aware application. In: International Conference on High Performance Computing and Communications, pp. 572–580. Springer, Berlin (2006)
Wullems, C., Looi, M., Clark, A.: Towards context-aware security: an authorization architecture for intranet environments. In: IEEE Annual Conference on Pervasive Computing and Communications Workshops, pp. 132–137 (2004)
Preda, S., Cuppens, F., Cuppens-Boulahia, N., Alfaro, J.G., Toutain, L., Elrakaiby, Y.: Semantic context aware security policy deployment. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 251–261. ACM (2009)
Shankar, N., Balfanz, D.: Enabling secure ad-hoc communication using context-aware security services. In: Workshop on Security in Ubiquitous Computing, in Proceedings of the Ubicomp, vol. 2002 (2002)
Barnum, S., McGraw, G.: Knowledge for software security. IEEE Secur. Priv. 3, 74–78 (2005)
Mead, N.R., McGraw, G.: A portal for software security. IEEE Secur. Priv. 3, 75–79 (2005)
Ruiz, J.F., Rudolph, C., Maña, A., Arjona, M.: A security engineering process for systems of systems using security patterns. In: 2014 IEEE International Systems Conference Proceedings, pp. 8–11. IEEE (2014)
Guan, H., Yang, H., Wang, J.: An ontology-based approach to security pattern selection. Int. J. Autom. Comput. 13(2), 168–182 (2016)
Montero, S., Díaz, P., Aedo, I.: A semantic representation for domain-specific patterns. In: International Symposium on Metainformatics, pp. 129–140. Springer, Heidelberg (2004)
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Alenezi, M., Khan, F.I. (2019). Context-Sensitive Case-Based Software Security Management System. In: Silhavy, R., Silhavy, P., Prokopova, Z. (eds) Intelligent Systems Applications in Software Engineering. CoMeSySo 2019. Advances in Intelligent Systems and Computing, vol 1046. Springer, Cham. https://doi.org/10.1007/978-3-030-30329-7_13
DOI: https://doi.org/10.1007/978-3-030-30329-7_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30328-0
Online ISBN: 978-3-030-30329-7
eBook Packages: Intelligent Technologies and Robotics (R0)