A Structured Approach to Software Security

van Opstal, Ton

doi:10.1007/978-3-8348-9363-5_28

Ton van Opstal¹

900 Accesses

Abstract

Security is an important aspect of software that needs to be considered during the entire System Development Life Cycle (SDLC). A structured and practical approach to handle Software Security is proposed by defining the con-cept of Security Architecture and by using this Security Architecture as key concept to relate all security activities that need to be performed as defined by the SDLC. The Security Architecture itself is described using a structured definition format, called the Extensible Security Architecture Description Format (XSADF). XSADF can be used as input format for tools that can assess the security aspects of a system under development.

To support the work on a Security Architecture, a Security Architecture Framework is proposed. Software Architects can use this framework as a template to define the Security Architecture for the system they are developing.

The structured approach using XSADF, with a central place for Security Architecture, is a step to achieve „security by design“.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Howard, Michael – Lipner, Steve: The Security Development Lifecycle. Microsoft, 2006, ISBN: 978- 0-735-62214-2.
Google Scholar
McGraw, Gary: Software Security Building Security In, Addison-Wesley, 2006, ISBN: 0-321-35670-5
Google Scholar
Kissel, Richard – Stine, Kevin – Scholl, Matthew – Rossman, Hart – Fahlsing, Jim – Gulick, Jessica: NIST Special Publication 800-64, Revision 2, Security Considerations in the Information System Development Life Cycle, NIST, November 2008, http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf
van Opstal, Ton: A Structured Approach to Software Security, Introducing the Extensible Security Architecture Description Format. Master Thesis TiasNimbas Business School, November 2008
Google Scholar
Ross, Ron – Katzke, Stu – Johnson, Arnold – Swanson, Marianne – Stoneburner, Gary – Rogers, George: NIST Special Publication 800-53, Revision 2, Recommended Security Controls for Federal Information Systems, NIST, December 2007 http://csrc.nist.gov/publications/nistpubs/800-53-Rev2/sp800-53-rev2-final.pdf
Ziring, Neal – Quinn, Stephen D.: Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.1.4, NIST, January 2008 http://csrc.nist.gov/publications/nistir/ir7275r3/NISTIR-7275r3.pdf

Download references

Author information

Authors and Affiliations

Ericsson Telecommunicatie BV Research & Development, Rijen, The Netherlands, Ericssonstraat 2
Ton van Opstal

Authors

Ton van Opstal
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Norbert Pohlmann Helmut Reimer Wolfgang Schneider

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

van Opstal, T. (2010). A Structured Approach to Software Security. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2009 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9363-5_28

Download citation

DOI: https://doi.org/10.1007/978-3-8348-9363-5_28
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0958-2
Online ISBN: 978-3-8348-9363-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics