SECURITY ENGINEERING

Nikita Manwani, Kruti Lavingia
unpublished
Software security is about building software that functions correctly even in the face of malicious attack. Security engineering is the idea of building systems that remain dependable in the face of malice, error or bugs. Software security covers the consequences of implementation bugs, inconsistent error handling, and malicious intruders who can hack into the system. In a technologically advanced world, applications shared on the Internet are the most vulnerable. Software security can be achieved through risk analyses and testing from scratch, avoiding threats while the software is being built. Security engineering works on the tools, processes and methods needed to build, execute and test whole systems. The paper focuses on tools that help protect distributed systems.

I. INTRODUCTION

Security engineering is about creating systems that stay dependable even in case of a malicious attack. It focuses on a variety of tools and procedures, ranging from cryptography to security of the system via hardware tamper resistance [1]. In certain scenarios, a secure system is vital for the following reasons: endangerment of life in the case of nuclear safety, grave damage to economic organization in the case of ATMs or bank systems, or a threat to personal privacy in the case of medical records or other important documents. It focuses more on what should not be accessed than on what a given user is allowed to view.

Security requirements depend largely on the system in question. A combination of user authentication, transaction integrity, accountability and fault tolerance is needed. Keeping the system protected depends on several procedures rather than on implementing just one process. Good security engineering requires four things to be combined:

1. Policy: what one is supposed to attain.
2. Mechanism: ciphers, access controls and hardware tamper resistance.
3. Assurance: the amount of faith one can place in a particular procedure.
4. Incentive: the motive that the people defending the system have to do their job properly, and the motive that the attackers have to try to defeat the security.

Figure 1. Dependency of the four factors [2].
fatcat:ofp2rjs73vb75ad3ccalyphh24