TY - GEN
T1 - Incorporating database systems into a secure software development methodology
AU - Fernandez, Eduardo B.
AU - Jurjens, Jan
AU - Yoshioka, Nobukazu
AU - Washizaki, Hironori
PY - 2008/12/26
Y1 - 2008/12/26
N2 - We have proposed in the past three separate methodologies for secure software development. We have found that they have many common and complementary aspects and we proposed a combination of them that appears as a good approach to secure software development. The combined methodology applies security at all stages, considers the architectural levels of the system, applies security policies through the use of patterns, and formalizes some portions of the design. We have studied in some detail how to elicit and describe security requirements, how to reflect these requirements in the conceptual model, how to estimate some performance aspects, how to formalize some aspects such as communication protocols, and how to map the conceptual requirements into design artifacts. A design aspect which we have not studied is the incorporation of databases as part of the secure architecture. The database system is a fundamental aspect for security because it stores the persistent information, which constitutes most of the information assets of the institution. We present here some ideas on how to make sure that the database system has the same level of security than the rest of the secure application.
AB - We have proposed in the past three separate methodologies for secure software development. We have found that they have many common and complementary aspects and we proposed a combination of them that appears as a good approach to secure software development. The combined methodology applies security at all stages, considers the architectural levels of the system, applies security policies through the use of patterns, and formalizes some portions of the design. We have studied in some detail how to elicit and describe security requirements, how to reflect these requirements in the conceptual model, how to estimate some performance aspects, how to formalize some aspects such as communication protocols, and how to map the conceptual requirements into design artifacts. A design aspect which we have not studied is the incorporation of databases as part of the secure architecture. The database system is a fundamental aspect for security because it stores the persistent information, which constitutes most of the information assets of the institution. We present here some ideas on how to make sure that the database system has the same level of security than the rest of the secure application.
UR - http://www.scopus.com/inward/record.url?scp=57849090099&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=57849090099&partnerID=8YFLogxK
U2 - 10.1109/DEXA.2008.100
DO - 10.1109/DEXA.2008.100
M3 - Conference contribution
AN - SCOPUS:57849090099
SN - 9780769532998
T3 - Proceedings - International Workshop on Database and Expert Systems Applications, DEXA
SP - 310
EP - 314
BT - Proceedings - DEXA 2008, 19th International Conference on Database and Expert Systems Applications
T2 - DEXA 2008, 19th International Conference on Database and Expert Systems Applications
Y2 - 1 September 2008 through 5 September 2008
ER -