Authors: | Balopoulos T., Dritsas S., Gymnopoulos L., Karyda M., Kokolakis S., Gritzalis S. |
---|
Title: | Incorporating Security Requirements into the Software Development Process |
---|
Conference: | ECIW 2005 4th European Conference on Information Warfare and Security |
---|
Editors: | |
---|
Ed: | No |
---|
Eds: | No |
---|
Pages: | 21-28 |
---|
To appear: | No |
---|
Month: | July |
---|
Year: | 2005 |
---|
Place: | Glamorgan, United Kingdom |
---|
Publisher: | Academic Conferences Limited |
---|
Link: | http://www.google.gr/books?hl=en&lr=&id=Vf3QzGSLLhUC&oi=fnd&pg=PA21&dq=Security+requirements,+such+as+authentication,+confidentiality,+authorization,+ |
---|
File name: | |
---|
Abstract: | Security requirements, such as authentication, confidentiality, authorization, availability, integrity and privacy, are becoming extremely common in software development processes. However, in practical terms, it has been proved that the developed software only rarely fulfils the related security requirements. The reason for this is twofold. On the one hand, software developers are not security experts and thus they are not competent in selecting and applying the appropriate security countermeasures. On the other hand, many security requirements are intrinsically difficult to deal with. This paper aims to address both of the aforementioned issues and to introduce potential solutions. It starts by analysing the major security requirements, and goes on to explore how they can be mapped into concrete security solutions and/or mechanisms. Then, it examines how the fulfilment of security requirements influences the choice of development methodologies and paradigms (with the emphasis being on the design phase), so that the requirements are effectively satisfied. The discussion covers object-oriented and aspect-oriented programming, the Rational Unified Process, UML and UMLsec, as well as security patterns, with regard to the ways they can support the use of security solutions and/or mechanisms. |