An integrated framework for software vulnerability detection, analysis and mitigation: an autonomic system
2017
Sadhana (Bangalore)
The proposed framework uses a knowledge base and inference engine, which automatically takes the remediating actions on future occurrence of software security vulnerabilities through self-configuration ...
Nowadays, the number of software vulnerabilities incidents and the loss due to occurrence of software vulnerabilities are growing exponentially. ...
In this framework, the intelligent sub-component automatically determines the compliance of the organizational security requirements by measuring deviations between the implemented and the required security ...
doi:10.1007/s12046-017-0696-7
fatcat:jmiqhxwgvrek5ex5vrezy7roau
An Empirical Study of the Framework Impact on the Security of JavaScript Web Applications
2018
Companion of the The Web Conference 2018 on The Web Conference 2018 - WWW '18
Results: We analyze the results to compare the number of vulnerable projects to the mitigation locations used in each framework and perform statistical analysis of confounding variables. ...
Aim: The goal of our study is to understand how the security features of a framework impact the security of the applications written using that framework. ...
On the other hand, the AngularJS template engine has L4 mitigation implemented - it outputs a safe subset of HTML as a built-in feature, which does not require any additional work performed by a developer ...
doi:10.1145/3184558.3188736
dblp:conf/www/PegueroZC18
fatcat:e5qketec5zby7mjhxgln7pjnna
A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations
[chapter]
2009
Lecture Notes in Computer Science
These concepts drive the definition of criteria that make it possible to compare and evaluate security frameworks based on vulnerabilities. ...
Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. ...
These examples show that different frameworks have different conceptual structure and capabilities; therefore, by adopting the ontology elements into each conceptual framework, different types of analysis ...
doi:10.1007/978-3-642-04840-1_10
fatcat:hwgcd2rr7bbcddd247pibgufhi
Security Testing in Requirements Phase of SDLC
2013
International Journal of Computer Applications
The importance and real potential of security in Requirements Engineering (RE) is now being well recognized. ...
The inclusion of security controls and measures during the requirements phase helps to design, implement, develop and maintain secure and cost effective software. ...
They evaluated the framework by applying it to a security requirements analysis within an air traffic control technology evaluation project [25]. ...
doi:10.5120/11609-6985
fatcat:3agcd7ctobbaposlqkncfxlidq
Software Security Metric Development Framework (An Early Stage Approach)
2013
American Journal of Software Engineering and Applications
Our next effort will be to implement the proposed framework to develop security metrics in early stage of software development life cycle. ...
In absence of any standard guideline or methodology to develop early stage security metrics, an effort has been made to provide a strong theoretical basis to develop such a framework. ...
Regulatory, financial, and organizational reasons drive the requirement to measure software security performance. ...
doi:10.11648/j.ajsea.20130206.14
fatcat:kwwawg7nrfgkxeuo3fyulvj2fm
A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities
2009
Requirements Engineering
This paper proposes a methodological framework for security requirements elicitation and analysis centered on vulnerabilities. ...
Many security breaches occur because of exploitation of vulnerabilities within the system. ...
Acknowledgment Financial support from Natural Science and Engineering Research Council of Canada and Bell University Labs is gratefully acknowledged. ...
doi:10.1007/s00766-009-0090-z
fatcat:7tjbmbbxwvcn3n3mrelvv4efp4
Security Requirement Engineering Issues in Risk Management
2011
International Journal of Computer Applications
Risk management is one of the most important aspects of security requirement engineering domain, which allows comparing security needs and costs of security measures. ...
In this paper, we have discussed the incorporation of security issues in requirement engineering process. ...
Some researchers performed their research work in the context of risk management and particularly risk analysis, such as threat analysis, vulnerability and impact on each component of the system [2, 3 ...
doi:10.5120/2218-2827
fatcat:7bpgwhjmwjgqziaacsfa7ojc5e
Proposing Security Requirement Prioritization Framework
2012
International Journal of Computer Science Engineering and Applications
So this calls for a new process of software engineering in which we would try to give a proper framework for integrating the security requirements with the SDLC, and in this requirement engineers must ...
Generally software engineering processes tries to compel the security measures during the various design phases which results into an inefficient measure. ...
PROPOSED WORK While Proposing a Security Requirement Prioritization Framework based on the threat analysis, we are giving a brief of all those steps which are necessary for achieving the final prioritized ...
doi:10.5121/ijcsea.2012.2303
fatcat:runo5hjdbvgvfhdw4qx3be2rpa
Scalable Approach Towards Discovery of Unknown Vulnerabilities
2018
International Journal of Network Security
The first layer of the proposed framework is liable to detect the unknown vulnerability which is based on statistical, signature and behavior based techniques; the second layer focuses on risk measurement ...
The proposed framework is analyzed in network environment of Vikram University Ujjain, India in order to evaluate the performance; experimental results show detection rate of 89% with 3% false positive ...
Acknowledgments Authors are thankful to MP Council of Science and Technology, Bhopal, for providing support and financial grant for the research work. ...
dblp:journals/ijnsec/SinghJ18
fatcat:5efsi7hyubggzp2k4wpb4kclge
Secured Requirement Specification Framework (SRSF)
2008
American Journal of Applied Sciences
One of the most ignored parts of a security-enhanced software development lifecycle is the security requirements engineering process. ...
This study presents a framework for the security requirement specification called Secured Requirement Specification Framework (SRSF), which is prescriptive in nature. ...
Perform security analysis of requirement: Before performing a security analysis, one must understand what is to be built. ...
doi:10.3844/ajassp.2008.1622.1629
fatcat:zlzpgmofzngdhb45ooeaysm5xy
Bridging the Gap between Risk Analysis and Security Policies
[chapter]
2003
Security and Privacy in the Age of Uncertainty
We believe that a number of methods and techniques developed by the Requirement Engineering community, and goal requirements modelling in particular, can be useful to bridge this gap by providing modelling ...
In the IT security management process, a methodological gap exists between the results of a risk analysis, the development of adequate security policies and the selection of appropriate operational controls ...
Part of the research is performed within the context of the LIASIT (Luxembourg International Advanced Studies in Information Technologies) Institute. ...
doi:10.1007/978-0-387-35691-4_37
fatcat:c5mehyl6wrfllo4ksuwtfonb5a
A framework to support selection of cloud providers based on security and privacy requirements
2013
Journal of Systems and Software
of the service provider to the relevant security and privacy requirements. ...
Our framework incorporates a modelling language and it provides a structured process that supports elicitation of security and privacy requirements and the selection of a cloud provider based on the satisfiability ...
FRAMEWORK
Overview of the framework The proposed framework consists of a language and a process that is focused on the requirements engineering stage. ...
doi:10.1016/j.jss.2013.03.011
fatcat:z6ekfy6jzjhoro6wj73fpp4uxa
SOURCERER: Developer-Driven Security Testing Framework for Android Apps
[article]
2021
arXiv
pre-print
App developers struggle to find an actionable and prioritized list of vulnerabilities from a laundry list of security warnings reported by static analysis tools. ...
., using static analysis tools) approaches lack context and domain-specific requirements of an app being tested. ...
We argue that the list of commonly available security requirements and testing guidelines is too broad and can not be readily tailored and adapted by a developer to measure the security posture of her ...
arXiv:2111.01631v2
fatcat:cnpgk3rtfjfpfad5sbwsim232u
A Novel Framework for Security Requirement Prioritization
2012
International Journal of Computer Applications
This methodology improves the security in software applications of the business environment by gathering the properly processed requirements, identifying the vulnerabilities and their corresponding threats ...
Security Requirements prioritization is one of the important Processes in the Software engineering, which aims at identifying and prioritizing the most crucial security requirements for the software project ...
Consequently, its reliability and performance gets deteriorated. To avoid failure of software applications, most of the software engineers generate software security requirements. ...
doi:10.5120/4626-6868
fatcat:z7mnyywq7vhlbpdvxvs6bt3ngu
Information Security Risk Management Framework for University Computing Environment
2017
International Journal of Network Security
This model can be used by risk analyst and security manager of University to perform reliable and repeatable risk analysis in realistic and affordable manner. ...
The proposed framework reduces the risk of security breach by supporting three phase activities; the first phase assesses the threats and vulnerabilities in order to identify the weak point in educational ...
Acknowledgments The authors are thankful to MP Council of Science and Technology, Bhopal, for providing support and financial grant for the research work. ...
dblp:journals/ijnsec/SinghJ17
fatcat:uernnld7h5dyzowslp75utn7ei