
Research Communications

A security specific knowledge modelling approach for secure software engineering

Authors:

A Abeyratne,

University of Colombo School of Computing, No: 35, Reid Avenue, Colombo 07, LK

C Samarage,

University of Colombo School of Computing, No: 35, Reid Avenue, Colombo 07, LK

B Dahanayake,

University of Colombo School of Computing, No: 35, Reid Avenue, Colombo 07, LK

C Wijesiriwardana,

Faculty of Information Technology, University of Moratuwa, LK

P Wimalaratne

University of Colombo School of Computing, No: 35, Reid Avenue, Colombo 07, LK

Abstract

The ‘Build Security In’ paradigm has emerged in recent decades, underpinned by the idea that software security has to be an integral part of every phase of the software development lifecycle. As a result, each phase of the lifecycle is associated with security-specific best practices such as threat modelling and static code analysis. It was observed that the various artefacts (i.e., security requirements, architectural flaws, bug reports, security test cases) generated by these best practices tend to be disconnected from each other. This creates a significant barrier to ensuring that the security issues identified at the architectural level are incorporated at the implementation level. To address this issue, this paper presents a knowledge-modelling-based approach to semantically infer the associations between architectural-level security flaws and code-level security bugs, a task that is tedious to perform manually. Threat modelling and static analysis are used to identify security flaws and security bugs, respectively. The case-study-based experimental results reveal that architectural security flaws have a significant impact on the origination of security bugs at the code level.

How to Cite: Abeyratne, A., Samarage, C., Dahanayake, B., Wijesiriwardana, C. and Wimalaratne, P., 2020. A security specific knowledge modelling approach for secure software engineering. Journal of the National Science Foundation of Sri Lanka, 48(1), pp.93–98. DOI: http://doi.org/10.4038/jnsfsr.v48i1.8950
Published on 28 Apr 2020.
Peer Reviewed
