Skip to main content
SpringerLink
Log in

Context-Sensitive Case-Based Software Security Management System

  • Conference paper
  • First Online:
Intelligent Systems Applications in Software Engineering (CoMeSySo 2019 2019)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1046))

Included in the following conference series:

  • 533 Accesses

Abstract

An increasing number of security attacks on software have motivated the need for including secure development practices within the software development life cycle. With this urgent need, software security management system has received considerable attention and there are various efforts that can be found in this direction. In this paper, we highlighted the need for including application context-sensitive modeling within case-based software security management system proposed by the authors in [3]. Therefore, in this paper, we extend the previous work [3] to include application context modeling. The proposed idea constructs software security models using an application context.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Abunadi, I., Alenezi, M.: An empirical investigation of security vulnerabilities within web applications. J. UCS 22(4), 537–551 (2016)

    Google Scholar 

  2. Hakon, P., Ardi, M.S., Jensen, J., Rios, E., Sanchez, T., Shahmehri, N., Tondel, I.A.: An architectural foundation for security model sharing and reuse. In: Proceedings of ARES 2009, pp. 823–828 (2009)

    Google Scholar 

  3. Saito, M., Hazeyama, A., Yoshioka, N., Kobashi, T., Washi-zaki, H., Kaiya, H., Ohkubo, T.: A case-based management system for secure soft-ware development using software security knowledge. Proc. Comput. Sci. 60, 1092–1100 (2015)

    Article  Google Scholar 

  4. Wen, S.F., Katt, B.: An ontology-based context model for managing security knowledge in software development. In: Proceedings of the 23rd Conference of Open Innovations Association FRUCT, pp. 56 (2018)

    Google Scholar 

  5. Baldauf, M., Dustdar, S., Rosenberg, F.: A survey on context-aware systems. Int. J. Ad Hoc Ubiquitous Comput. 2(4), 263–277 (2007)

    Article  Google Scholar 

  6. Habib, K., Leister, W.: Context-aware authentication for the internet of things. In: Eleventh International Conference on Autonomic and Autonomous Systems fined, pp. 134–139 (2015)

    Google Scholar 

  7. Park, S.H., Han, Y.J., Chung, T.M.: Context-aware security management system for pervasive computing environment. In International and Interdisciplinary Conference on Modeling and Using Context, pp. 384–396, Springer, Heidelberg, (2007)

    Google Scholar 

  8. Kim, D., Kim, S.K., Jung, W., Hong, J.E.: A context-aware architecture pattern to en-hance the flexibility of software artifacts reuse. In: Park, J., Pan, Y., Yi, G., Loia, V. (eds.) Advances in Computer Science and Ubiquitous Computing. UCAWSN 2016, CUTE 2016, CSA 2016. Lecture Notes in Electrical Engineering, vol. 421, Springer, Singapore (2016)

    Google Scholar 

  9. Salini, P., Kanmani, S.: Ontology-based representation of reusable security requirements for developing secure web applications. Int. J. Internet Technol. Secured Transact. 5(1), 63–83 (2013)

    Article  Google Scholar 

  10. Kang, W., Liang, Y.: A security ontology with MDA for software development. In: 2013 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, pp. 67–74. IEEE (2013)

    Google Scholar 

  11. Guo, M., Wang, J.A.: An ontology-based approach to model common vulnerabilities and exposures in information security. In: ASEE Southest Section Conference (2009)

    Google Scholar 

  12. Marques, M., Ralha, C.G.: An ontological approach to mitigate risk in web applications. In: Proceedings of SBSeg (2014)

    Google Scholar 

  13. Razzaq, A.: Ontology for attack detection: an intelligent approach to web application security. Comput. Secur. 45, 124–146 (2014)

    Article  Google Scholar 

  14. Covington, M.J., Fogla, P., Zhan, Z., Ahamad, M.: A context-aware security architecture for emerging applications. In: 18th Annual Computer Security Applications Conference 2002, pp. 249–258. IEEE (2002)

    Google Scholar 

  15. Hu, J., Weaver, A.C.: A dynamic, context-aware security infrastructure for distributed healthcare applications. In: Proceedings of the First Workshop on Pervasive Privacy Security, Privacy, and Trust, pp. 1–8 (2004)

    Google Scholar 

  16. Park, S.H., Han, Y.J., Chung, T.M.: Context-role based access control for context-aware application. In: International Conference on High Performance Computing and Communications, pp. 572–580. Springer, Berlin (2006)

    Chapter  Google Scholar 

  17. Wullems, C., Looi, M., Clark, A.: Towards context-aware security: an authorization architecture for intranet environments. In: IEEE Annual Conference on Pervasive Computing and Communications Workshops, pp. 132–137 (2004)

    Google Scholar 

  18. Preda, S., Cuppens, F., Cuppens-Boulahia, N., Alfaro, J.G., Toutain, L., Elrakaiby, Y.: Semantic context aware security policy deployment. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp. 251–261. ACM (2009)

    Google Scholar 

  19. Shankar, N., Balfanz, D.: Enabling secure ad-hoc communication using con-text-aware security services. In: Workshop on Security in Ubiquitous Computing, in Proceedings of the Ubicomp, vol. 2002 (2002)

    Google Scholar 

  20. Barnum, S., McGraw, G.: Knowledge for software security. IEEE Secur. Priv. 3, 74–78 (2005)

    Article  Google Scholar 

  21. Mead, N.R., McGraw, G.: A portal for software security. IEEE Secur. Priv. 3, 75–79 (2005)

    Article  Google Scholar 

  22. Ruiz, J.F., Rudolph, C., Maña, A., Arjona, M.: A security engineering process for systems of systems using security patterns. In: 2014 IEEE International Systems Conference Proceedings, pp. 8–11. IEEE (2014)

    Google Scholar 

  23. Guan, H., Yang, H., Wang, J.: An ontology-based approach to security pattern selection. Int. J. Autom. Comput. 13(2), 168–182 (2016)

    Article  Google Scholar 

  24. Montero, S., Díaz, P., Aedo, I.: A semantic representation for domain-specific patterns. In: International Symposium on Metainformatics, pp. 129–140. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Security Engineering Lab, Prince Sultan University, Riyadh, Saudi Arabia

    Mamdouh Alenezi & Faraz Idris Khan

Authors
  1. Mamdouh Alenezi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Faraz Idris Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Faraz Idris Khan .

Editor information

Editors and Affiliations

  1. Faculty of Applied Informatics, Tomas Bata University in Zlin, Zlin, Czech Republic

    Radek Silhavy

  2. Faculty of Applied Informatics, Tomas Bata University in Zlin, Zlin, Czech Republic

    Petr Silhavy

  3. Faculty of Applied Informatics, Tomas Bata University in Zlin, Zlin, Czech Republic

    Zdenka Prokopova

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Alenezi, M., Khan, F.I. (2019). Context-Sensitive Case-Based Software Security Management System. In: Silhavy, R., Silhavy, P., Prokopova, Z. (eds) Intelligent Systems Applications in Software Engineering. CoMeSySo 2019 2019. Advances in Intelligent Systems and Computing, vol 1046. Springer, Cham. https://doi.org/10.1007/978-3-030-30329-7_13

Download citation

Publish with us

Policies and ethics

Search

Navigation