
An integrated framework for software vulnerability detection, analysis and mitigation: an autonomic system

Manoj Kumar, Arun Sharma
2017 Sadhana (Bangalore)  
The proposed framework uses a knowledge base and inference engine, which automatically takes the remediating actions on future occurrence of software security vulnerabilities through self-configuration  ...  Nowadays, the number of software vulnerabilities incidents and the loss due to occurrence of software vulnerabilities are growing exponentially.  ...  In this framework, the intelligent sub-component automatically determines the compliance of the organizational security requirements by measuring deviations between the implemented and the required security  ... 
doi:10.1007/s12046-017-0696-7 fatcat:jmiqhxwgvrek5ex5vrezy7roau

An Empirical Study of the Framework Impact on the Security of JavaScript Web Applications

Ksenia Peguero, Nan Zhang, Xiuzhen Cheng
2018 Companion of the The Web Conference 2018 on The Web Conference 2018 - WWW '18  
Results: We analyze the results to compare the number of vulnerable projects to the mitigation locations used in each framework and perform statistical analysis of confounding variables.  ...  Aim: The goal of our study is to understand how the security features of a framework impact the security of the applications written using that framework.  ...  On the other hand, the AngularJS template engine has L4 mitigation implemented - it outputs a safe subset of HTML as a built-in feature, which does not require any additional work performed by a developer  ... 
doi:10.1145/3184558.3188736 dblp:conf/www/PegueroZC18 fatcat:e5qketec5zby7mjhxgln7pjnna

A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations [chapter]

Golnaz Elahi, Eric Yu, Nicola Zannone
2009 Lecture Notes in Computer Science  
These concepts drive the definition of criteria that make it possible to compare and evaluate security frameworks based on vulnerabilities.  ...  Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system.  ...  These examples show that different frameworks have different conceptual structure and capabilities; therefore, by adopting the ontology elements into each conceptual framework, different types of analysis  ... 
doi:10.1007/978-3-642-04840-1_10 fatcat:hwgcd2rr7bbcddd247pibgufhi

Security Testing in Requirements Phase of SDLC

S. K. Pandey, Mona Batra
2013 International Journal of Computer Applications  
The importance and real potential of security in Requirements Engineering (RE) is now being well recognized.  ...  The inclusion of security controls and measures during the requirements phase helps to design, implement, develop and maintain secure and cost effective software.  ...  They evaluated the framework by applying it to a security requirements analysis within an air traffic control technology evaluation project [25].  ... 
doi:10.5120/11609-6985 fatcat:3agcd7ctobbaposlqkncfxlidq

Software Security Metric Development Framework (An Early Stage Approach)

A. Agrawal
2013 American Journal of Software Engineering and Applications  
Our next effort will be to implement the proposed framework to develop security metrics in early stage of software development life cycle.  ...  In absence of any standard guideline or methodology to develop early stage security metrics, an effort has been made to provide a strong theoretical basis to develop such a framework.  ...  Regulatory, financial, and organizational reasons drive the requirement to measure software security performance.  ... 
doi:10.11648/j.ajsea.20130206.14 fatcat:kwwawg7nrfgkxeuo3fyulvj2fm

A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities

Golnaz Elahi, Eric Yu, Nicola Zannone
2009 Requirements Engineering  
This paper proposes a methodological framework for security requirements elicitation and analysis centered on vulnerabilities.  ...  Many security breaches occur because of exploitation of vulnerabilities within the system.  ...  Acknowledgment Financial support from Natural Science and Engineering Research Council of Canada and Bell University Labs is gratefully acknowledged.  ... 
doi:10.1007/s00766-009-0090-z fatcat:7tjbmbbxwvcn3n3mrelvv4efp4

Security Requirement Engineering Issues in Risk Management

Dhirendra Pandey, Ugrasen Suman, A. K. Ramani
2011 International Journal of Computer Applications  
Risk management is one of the most important aspects of security requirement engineering domain, which allows comparing security needs and costs of security measures.  ...  In this paper, we have discussed the incorporation of security issues in requirement engineering process.  ...  Some researchers performed their research work in the context of risk management and particularly risk analysis, such as threat analysis, vulnerability and impact on each component of the system [2, 3  ... 
doi:10.5120/2218-2827 fatcat:7bpgwhjmwjgqziaacsfa7ojc5e

Proposing Security Requirement Prioritization Framework

Aayush Gulati
2012 International Journal of Computer Science Engineering and Applications  
So this calls for a new process of software engineering in which we would try to give a proper framework for integrating the security requirements with the SDLC, and in this requirement engineers must  ...  Generally software engineering processes tries to compel the security measures during the various design phases which results into an inefficient measure.  ...  PROPOSED WORK While Proposing a Security Requirement Prioritization Framework based on the threat analysis, we are giving a brief of all those steps which are necessary for achieving the final prioritized  ... 
doi:10.5121/ijcsea.2012.2303 fatcat:runo5hjdbvgvfhdw4qx3be2rpa

Scalable Approach Towards Discovery of Unknown Vulnerabilities

Umesh Kumar Singh, Chanchala Joshi
2018 International Journal of Network Security  
The first layer of the proposed framework is liable to detect the unknown vulnerability which is based on statistical, signature and behavior based techniques; the second layer focuses on risk measurement  ...  The proposed framework is analyzed in network environment of Vikram University Ujjain, India in order to evaluate the performance; experimental results show detection rate of 89% with 3% false positive  ...  Acknowledgments Authors are thankful to MP Council of Science and Technology, Bhopal, for providing support and financial grant for the research work.  ... 
dblp:journals/ijnsec/SinghJ18 fatcat:5efsi7hyubggzp2k4wpb4kclge

Secured Requirement Specification Framework (SRSF)

R.A. Khan, K. Mustafa
2008 American Journal of Applied Sciences  
One of the most ignored parts of a security-enhanced software development lifecycle is the security requirements engineering process.  ...  This study presents a framework for the security requirement specification called Secured Requirement Specification Framework (SRSF), which is prescriptive in nature.  ...  Perform security analysis of requirement: Before performing a security analysis, one must understand what is to be built.  ... 
doi:10.3844/ajassp.2008.1622.1629 fatcat:zlzpgmofzngdhb45ooeaysm5xy

Bridging the Gap between Risk Analysis and Security Policies [chapter]

Paul Gaunard, Eric Dubois
2003 Security and Privacy in the Age of Uncertainty  
We believe that a number of methods and techniques developed by the Requirement Engineering community, and goal requirements modelling in particular, can be useful to bridge this gap by providing modelling  ...  In the IT security management process, a methodological gap exists between the results of a risk analysis, the development of adequate security policies and the selection of appropriate operational controls  ...  Part of the research is performed within the context of the LIASIT (Luxembourg International Advanced Studies in Information Technologies) Institute.  ... 
doi:10.1007/978-0-387-35691-4_37 fatcat:c5mehyl6wrfllo4ksuwtfonb5a

A framework to support selection of cloud providers based on security and privacy requirements

Haralambos Mouratidis, Shareeful Islam, Christos Kalloniatis, Stefanos Gritzalis
2013 Journal of Systems and Software  
of the service provider to the relevant security and privacy requirements.  ...  Our framework incorporates a modelling language and it provides a structured process that supports elicitation of security and privacy requirements and the selection of a cloud provider based on the satisfiability  ...  FRAMEWORK Overview of the framework The proposed framework consists of a language and a process that is focused on the requirements engineering stage.  ... 
doi:10.1016/j.jss.2013.03.011 fatcat:z6ekfy6jzjhoro6wj73fpp4uxa

SOURCERER: Developer-Driven Security Testing Framework for Android Apps [article]

Muhammad Sajidur Rahman, Blas Kojusner, Ryon Kennedy, Prerit Pathak, Lin Qi, Byron Williams
2021 arXiv   pre-print
App developers struggle to find an actionable and prioritized list of vulnerabilities from a laundry list of security warnings reported by static analysis tools.  ...  ., using static analysis tools) approaches lack context and domain-specific requirements of an app being tested.  ...  We argue that the list of commonly available security requirements and testing guidelines is too broad and can not be readily tailored and adapted by a developer to measure the security posture of her  ... 
arXiv:2111.01631v2 fatcat:cnpgk3rtfjfpfad5sbwsim232u

A Novel Framework for Security Requirement Prioritization

Shalini Sharma, Ajit Singh Malik
2012 International Journal of Computer Applications  
This methodology improves the security in software applications of the business environment by gathering the properly processed requirements, identifying the vulnerabilities and their corresponding threats  ...  Security Requirements prioritization is one of the important Processes in the Software engineering, which aims at identifying and prioritizing the most crucial security requirements for the software project  ...  Consequently, its reliability and performance gets deteriorated. To avoid failure of software applications, most of the software engineers generate software security requirements.  ... 
doi:10.5120/4626-6868 fatcat:z7mnyywq7vhlbpdvxvs6bt3ngu

Information Security Risk Management Framework for University Computing Environment

Umesh Kumar Singh, Chanchala Joshi
2017 International Journal of Network Security  
This model can be used by risk analyst and security manager of University to perform reliable and repeatable risk analysis in realistic and affordable manner.  ...  The proposed framework reduces the risk of security breach by supporting three phase activities; the first phase assesses the threats and vulnerabilities in order to identify the weak point in educational  ...  Acknowledgments The authors are thankful to MP Council of Science and Technology, Bhopal, for providing support and financial grant for the research work.  ... 
dblp:journals/ijnsec/SinghJ17 fatcat:uernnld7h5dyzowslp75utn7ei