Abstract
Security is an important aspect of software that needs to be considered during the entire System Development Life Cycle (SDLC). A structured and practical approach to handle Software Security is proposed by defining the con-cept of Security Architecture and by using this Security Architecture as key concept to relate all security activities that need to be performed as defined by the SDLC. The Security Architecture itself is described using a structured definition format, called the Extensible Security Architecture Description Format (XSADF). XSADF can be used as input format for tools that can assess the security aspects of a system under development.
To support the work on a Security Architecture, a Security Architecture Framework is proposed. Software Architects can use this framework as a template to define the Security Architecture for the system they are developing.
The structured approach using XSADF, with a central place for Security Architecture, is a step to achieve „security by design“.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Howard, Michael – Lipner, Steve: The Security Development Lifecycle. Microsoft, 2006, ISBN: 978- 0-735-62214-2.
McGraw, Gary: Software Security Building Security In, Addison-Wesley, 2006, ISBN: 0-321-35670-5
Kissel, Richard – Stine, Kevin – Scholl, Matthew – Rossman, Hart – Fahlsing, Jim – Gulick, Jessica: NIST Special Publication 800-64, Revision 2, Security Considerations in the Information System Development Life Cycle, NIST, November 2008, http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf
van Opstal, Ton: A Structured Approach to Software Security, Introducing the Extensible Security Architecture Description Format. Master Thesis TiasNimbas Business School, November 2008
Ross, Ron – Katzke, Stu – Johnson, Arnold – Swanson, Marianne – Stoneburner, Gary – Rogers, George: NIST Special Publication 800-53, Revision 2, Recommended Security Controls for Federal Information Systems, NIST, December 2007 http://csrc.nist.gov/publications/nistpubs/800-53-Rev2/sp800-53-rev2-final.pdf
Ziring, Neal – Quinn, Stephen D.: Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4, NIST, January 2008 http://csrc.nist.gov/publications/nistir/ir7275r3/NISTIR-7275r3.pdf
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2010 Vieweg+Teubner | GWV Fachverlage GmbH
About this chapter
Cite this chapter
van Opstal, T. (2010). A Structured Approach to Software Security. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2009 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9363-5_28
Download citation
DOI: https://doi.org/10.1007/978-3-8348-9363-5_28
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0958-2
Online ISBN: 978-3-8348-9363-5
eBook Packages: Computer ScienceComputer Science (R0)