
Research Communications

A Security Specific Knowledge Modeling Approach for Secure Software Engineering

Authors:

A Abeyratne,

University of Colombo School of Computing, No: 35, Reid Avenue, Colombo 07, LK

C Samarage,

University of Colombo School of Computing, No: 35, Reid Avenue, Colombo 07, LK

B Dahanayake,

University of Colombo School of Computing, No: 35, Reid Avenue, Colombo 07, LK

C Wijesiriwardana,

Faculty of Information Technology, University of Moratuwa, LK

P Wimalaratne

University of Colombo School of Computing, No: 35, Reid Avenue, Colombo 07, LK

Abstract

The paradigm shift of “Build Security In” has emerged in recent decades with the underpinning idea that software security has to be an integral part of all the phases of the software development lifecycle. As a result, each phase of the lifecycle is associated with security-specific best practices such as threat modeling and static code analysis. It was observed that the various artifacts (i.e., security requirements, architectural flaws, bug reports, security test cases) generated as a result of security best practices tend to be disconnected from each other. This creates a significant barrier to ensuring that the security issues identified at the architectural level are incorporated at the implementation level. To address this issue, this paper presents a knowledge-modeling-based approach to semantically infer the associations between architectural-level security flaws and code-level security bugs, a task that is tedious to perform manually. Threat modeling and static analysis are used to identify security flaws and security bugs, respectively. The case-study-based experimental results reveal that architectural security flaws have a significant impact on the origination of security bugs at the code level.
How to Cite: Abeyratne, A., Samarage, C., Dahanayake, B., Wijesiriwardana, C. and Wimalaratne, P., 2020. A Security Specific Knowledge Modeling Approach for Secure Software Engineering. Journal of the National Science Foundation of Sri Lanka, 48(1).
Published on 28 Apr 2020.
Peer Reviewed
