A Case Study of Adopting Security Guidelines in Undergraduate Software Engineering Education

Read full paper at:
http://www.scirp.org/journal/PaperInformation.aspx?PaperID=52262#.VI5JisnQrzE

Security plays a large role in software development; without it, software would be vulnerable to many different types of attacks. Software security prevents leaks of data, alteration of data, and unauthorized access to data. Building secure software involves a number of different processes, but security awareness and implementation are the most important among them. To produce the high-quality software security engineers that today's cybersecurity demands require, security awareness and implementation must be integrated into undergraduate computer science programming courses. In this paper, we demonstrate the importance of adopting security guidelines in undergraduate software engineering education. Accordingly, this paper focuses on integrating security guidelines into existing applications to eliminate common security vulnerabilities. An assessment table, derived from several existing Java security guidelines, is developed to provide an in-depth critique of the selected capstone project. Potential security vulnerabilities in the capstone project are identified and presented in a form showing the degree of threat against the three security characteristics addressed in the McCumber Cube model: confidentiality, integrity, and availability. In addition, the vulnerability density of the capstone project is calculated to demonstrate the performance of this research.
Cite this paper
Hu, Y. and Scott, C. (2014) A Case Study of Adopting Security Guidelines in Undergraduate Software Engineering Education. Journal of Computer and Communications, 2, 25-36. doi: 10.4236/jcc.2014.214003