AN ENGINEERING FRAMEWORK TO IMPLEMENT SECURITY IN SOFTWARE SYSTEM

Abstract

Secure software development is the need of today’s world because of the rise in the incidences of security breach like data theft, man in the middle attack, and others. Many techniques are available for handling security issues in software systems. However, it is recognized that none of the current proposals has complete engineering process to implement security in software system development. Also, a seamless integration of security engineering in the software development process is required.

This thesis addresses the issues by providing a methodology to develop a secure software system. The solution starts by developing a three-phase framework for security engineering, namely security requirements engineering, security design engineering, and security testing. Phases of the novel proposal are not independent they work together to achieve our goal of secure software development.

During the security requirements engineering phase, in addition to functional and non-functional requirements security requirements are also elicited, analyzed, prioritized and specified. During the design phase, efficient algorithms for implementation of security requirements are selected based on the applicable domain constraints. After that, testing of system security level is done to ensure that most of the security threats are mitigated.

The proposed generic framework is applied to new emerging domains like cloud computing, internet of things and big data databases. These new domains are vulnerable to various new threats and issues. These fields are becoming very common, as they have numerous functionalities, assets, threats, etc. To cater the need VI of handling issues, repositories are made for easy access instead of tedious manual task.

Further, a tool to automate the process of secure software development is built to help the users in knowing system security needs and standards.