Current Taxonomy of Information Security Threats in Software Development Life Cycle

Cited by: 0

Authors
Barabanov, Alexander V. [1 ]
Markov, Alexey S. [2 ]
Grishin, Maksim I. [1 ]
Tsirlov, Valentin L. [2 ]
Affiliations
[1] NPO Echelon, Testing Dept, Moscow, Russia
[2] NPO Echelon, Informat Secur Dept, Moscow, Russia
Keywords
information security; software security; secure software development; security vulnerabilities; software weakness; threat modeling; software-development life cycle; vulnerabilities taxonomy; information security regulations;
DOI
Not available
CLC classification
TP301 [Theory, methods];
Discipline code
081202 ;
Abstract
The work presents the original taxonomy of information security threats in the software development life cycle. The model of an attacker acting in software development environments is presented. The proposed attacker model contains: a list of sources of information security threats, attacker types and categories, a description of likely targets (motivations) of attacks on information security, and a description of attackers' potentials and capabilities. A systematized list of information security threats during software development (35 threats) is proposed. Threats were classified according to the software life cycle processes established by ISO/IEC 12207. Each threat is presented using the following parameters: threat description, threat sources, target, and security implications. A comparative analysis of the obtained list of information security threats and current research findings was carried out.
Pages: 196 - 201
Page count: 6