Search results for: secure software development

Authors: Sri Lakshmi Kanniah, Mohd Naz’ri Mahrin

Abstract:

More and more businesses and services are depending on software to run their daily operations and business services. At the same time, cyber-attacks are becoming more covert and sophisticated, posing threats to software. Vulnerabilities exist in the software due to the lack of security practices during the phases of software development. Implementation of secure software development practices can improve the resistance to attacks. Many methods, models and standards for secure software development have been developed. However, despite the efforts, they still come up against difficulties in their deployment and the processes are not institutionalized. There is a set of factors that influence the successful deployment of secure software development processes. In this study, the methodology and results from a systematic literature review of factors influencing the implementation of secure software development practices is described. A total of 44 primary studies were analysed as a result of the systematic review. As a result of the study, a list of twenty factors has been identified. Some of factors that affect implementation of secure software development practices are: Involvement of the security expert, integration between security and development team, developer’s skill and expertise, development time and communication between stakeholders. The factors were further classified into four categories which are institutional context, people and action, project content and system development process. The results obtained show that it is important to take into account organizational, technical and people issues in order to implement secure software development initiatives.

Keywords: secure software development, software development, software security, systematic literature review

Procedia PDF Downloads 339

Authors: Carlos Gonzalez

Abstract:

This paper describes the use of the Internet as a feature to enhance the security of our software that is going to be distributed/sold to users potentially all over the world. By placing in a secure server some of the features of the secure software, we increase the security of such software. The communication between the protected software and the secure server is done by a double lock algorithm. This paper also includes an analysis of intruders and describes possible responses to detect threats.

Keywords: internet, secure software, threats, cryptography process

Procedia PDF Downloads 295

Authors: Carlos Gonzalez, Ernesto Linan

Abstract:

We propose a methodology to conciliate two apparently contradictory processes in the development of secure obfuscated software and good software engineered software. Our methodology consists first in the system designers defining the type of security level required for the software. There are four types of attackers: casual attackers, hackers, institution attack, and government attack. Depending on the level of threat, the methodology we propose uses five or six teams to accomplish this task. One Software Engineer Team and one or two software Obfuscation Teams, and Compiler Team, these four teams will develop and compile the secure obfuscated software, a Code Breakers Team will test the results of the previous teams to see if the software is not broken at the required security level, and an Intrusion Analysis Team will analyze the results of the Code Breakers Team and propose solutions to the development teams to prevent the detected intrusions. We also present an analytical model to prove that our methodology is no only easier to use, but generates an economical way of producing secure obfuscated software.

Keywords: development methodology, obfuscated software, secure software development, software engineering

Procedia PDF Downloads 221

Authors: Mir Shahriar Emami

Abstract:

Although it is fully impossible to ensure that a software system is quite secure, developing an acceptable secure software system in a convenient platform is not unreachable. In this paper, we attempt to analyze software development life cycle (SDLC) models from the hardware systems and circuits point of view. To date, the SDLC models pay merely attention to the software security from the software perspectives. In this paper, we present new features for SDLC stages to emphasize the role of systems and circuits in developing secure software system through the software development stages, the point that has not been considered previously in the SDLC models.

Keywords: SDLC, SSDLC, software security, software process engineering, hardware systems and circuits security

Procedia PDF Downloads 221

Authors: Carlos Gonzalez-Flores, Ernesto Liñan-García

Abstract:

A simple and robust approach for developing secure software. A Four Phase methodology consists in developing the non-secure software in phase one, and for the next three phases, one phase for each of the secure developing types (i.e. self-protected software, secure code transformation, and the secure shield). Our methodology requires first the determination and understanding of the type of security level needed for the software. The methodology proposes the use of several teams to accomplish this task. One Software Engineering Developing Team, a Compiler Team, a Specification and Requirements Testing Team, and for each of the secure software developing types: three teams of Secure Software Developing, three teams of Code Breakers, and three teams of Intrusion Analysis. These teams will interact among each other and make decisions to provide a secure software code protected against a required level of intruder.

Keywords: secure software, four phases methodology, software engineering, code breakers, intrusion analysis

Procedia PDF Downloads 368

Authors: Somayeh Zeinali

Abstract:

A component is generally defined as a piece of executable software with a published interface. Component-based software engineering (CBSE) has become recognized as a new sub-discipline of software engineering. In the component-based software development, components cannot be completely secure and thus easily become vulnerable. Some researchers have investigated this issue and proposed approaches to detect component intrusions or protect distributed components. Software security also refers to the process of creating software that is considered secure.The terms “dependability”, “trustworthiness”, and “survivability” are used interchangeably to describe the properties of software security.

Keywords: component-based software development, component-based software engineering , software security attributes, dependability, component

Procedia PDF Downloads 516

Authors: Amjad Nusayr

Abstract:

Software security is a general term used to any type of software architecture or model in which security aspects are incorporated in this architecture. These aspects are not part of the main logic of the underlying program. Software security can be achieved using a combination of approaches, including but not limited to secure software designs, third part component validation, and secure coding practices. Memory safety is one feature in software security where we ensure that any object in memory has a valid pointer or a reference with a valid type. Aspect-Oriented Programming (AOP) is a paradigm that is concerned with capturing the cross-cutting concerns in code development. AOP is generally used for common cross-cutting concerns like logging and DB transaction managing. In this paper, we introduce the concepts that enable AOP to be used for the purpose of memory and type safety. We also present ideas for extending AOP in software security practices.

Keywords: aspect oriented programming, programming languages, software security, memory and type safety

Procedia PDF Downloads 97

Authors: Ravi Kumar, Dhrubajit Barman, Nomi Baruah

Abstract:

Software Cloning has grown an active area in software engineering research community yielding numerous techniques, various tools and other methods for clone detection and removal. The copying, modifying a block of code is identified as cloning as it is the most basic means of software reuse. Agile Software Development is an approach which is currently being used in various software projects, so that it helps to respond the unpredictability of building software through incremental, iterative, work cadences. Software Cloning has been introduced to Agile Environment and many Agile Software Development approaches are using the concept of Software Cloning. This paper discusses the various Agile Software Development approaches. It also discusses the degree to which the Software Cloning concept is being introduced in the Agile Software Development approaches.

Keywords: agile environment, refactoring, reuse, software cloning

Procedia PDF Downloads 498

Authors: Gurmeet Kaur

Abstract:

Agile software development methods are being recognized as popular, and efficient approach to the development of software system that has a short delivery period with high quality also that meets customer requirements with zero defect. In agile software development, quality means quality of code where in the quality is maintained through the use of methods or approaches like refactoring, test driven development, behavior driven development, acceptance test driven development, and demand driven development. Software quality is measured in term of metrics such as the number of defects during development of software. Usage of above mentioned methods or approaches, reduces the possibilities of defects in developed software, and hence improve quality. This paper focuses on study of agile based quality methods or approaches for software development that ensures improved quality of software as well as reduced cost, and customer satisfaction.

Keywords: ATDD, BDD, DDD, TDD

Procedia PDF Downloads 126

Authors: Malinda Gayan Sirisena

Abstract:

The aim of this research is to evaluate the effectiveness of software quality assurance approaches of Sri Lankan offshore software development organizations, and to propose a framework which could be used across all offshore software development organizations. An empirical study was conducted using derived framework from popular software quality evaluation models. The research instrument employed was a questionnaire survey among thirty seven Sri Lankan registered offshore software development organizations. The findings demonstrate a positive view of Effectiveness of Software Quality Assurance – the stronger predictors of Stability, Installability, Correctness, Testability and Changeability. The present study’s recommendations indicate a need for much emphasis on software quality assurance for the Sri Lankan offshore software development organizations.

Keywords: software quality assurance (SQA), offshore software development, quality assurance evaluation models, effectiveness of quality assurance

Procedia PDF Downloads 386

Authors: Hongmei Chi

Abstract:

The Blockchain has become a necessity for many different societal industries and ordinary lives including cryptocurrency technology, supply chain, health care, public safety, education, etc. Therefore, training our future blockchain developers to know blockchain programming vulnerability and I.T. students' cyber security is in high demand. In this work, we propose a framework including learning modules and hands-on labs to guide future I.T. professionals towards developing secure blockchain programming habits and mitigating source code vulnerabilities at the early stages of the software development lifecycle following the concept of Secure Software Development Life Cycle (SSDLC). In this research, our goal is to make blockchain programmers and I.T. students aware of the vulnerabilities of blockchains. In summary, we develop a framework that will (1) improve students' skills and awareness of blockchain source code vulnerabilities, detection tools, and mitigation techniques (2) integrate concepts of blockchain vulnerabilities for IT students, (3) improve future IT workers’ ability to master the concepts of blockchain attacks.

Keywords: software vulnerability detection, hands-on lab, static analysis tools, vulnerabilities, blockchain, active learning

Procedia PDF Downloads 53

Authors: Surafel Demissie, Frank Keenan, Fergal McCaffery

Abstract:

Emerging medical devices are highly relying on embedded software that runs on the specific platform in real time. The development of embedded software is different from ordinary software development due to the hardware-software dependency. MDevSPICE^® has been developed to provide guidance to support such development. To increase the flexibility of this framework agile practices have been introduced. This paper outlines the challenges for embedded medical device software development and the structure of MDevSPICE^® and suggests a suitable combination of agile practices that will help to add flexibility and address corresponding challenges of embedded medical device software development.

Keywords: agile practices, challenges, embedded software, MDevSPICE®, medical device

Procedia PDF Downloads 235

Authors: Alsahli Abdulaziz Abdullah, Hameed Ullah Khan

Abstract:

Software development nowadays is more and more using global ways of development instead of normal development enviroment where development occur in one location. This paper is a aimed to propose a Requirement Engineering framework to support Global Software Development environment with regards to all requirment engineering activities from elicitation to fially magning requirment change. Global software enviroment is more and more gaining better reputation in software developmet with better quality is resulting from developing in this eviroment yet with lower cost.However, failure rate developing in this enviroment is high due to inapproprate requirment development and managment.This paper will add to the software engineering development envrioments discipline and many developers in GSD will benefit from it.

Keywords: global software development environment, GSD, requirement engineering, FreGsd, computer engineering

Procedia PDF Downloads 503

Authors: Amna Batool

Abstract:

Agile methodology is the current most popular technique in software development projects. Agile methods in software development bring optimistic impact on software performances, quality and customer satisfaction. There are some organizations and small-medium enterprises adopting agile into their local software development projects as well as in distributed software development projects. Adopting agile methods in local software development projects is valuable. However, agile global software deployment needs an attention. There are different key challenges in agile global software development that need to resolve and enhance the global software development cycles. The proposed systematic literature review investigates all key challenges of agile in global software development. Moreover, a quantitative methodology (an actual survey) targeted to present a real case scenario of these particular key challenges faced by one of the software houses that is BestWeb Malaysia. The outcomes of systematic literature and the results of quantitative methodology are compared with each other to evaluate if the key challenges pointed out in systematic review still exist. The proposed research and its exploratory results can assist small medium enterprises to avoid these challenges by adopting the best practices in their global software development projects. Moreover, it is helpful for novice researchers to get valuable information altogether.

Keywords: agile software development, ASD challenges, agile global software development, challenges in agile global software development

Procedia PDF Downloads 125

Authors: Abeer Toheed Quadri, Maria Abubakar, Mehreen Sirshar

Abstract:

Component Based Software Development (CBSD) is a new trend in software development. Selection of quality components is not enough to ensure software quality in Component Based Software System (CBSS). A software product is considered to be a quality product if it satisfies its customer’s needs and has minimum defects. Authors’ survey different research papers and analyzes various techniques which ensure software quality in component based software development. This paper includes an investigation about how to improve the quality of a component based software system without effecting quality attributes. The reported information is identified from literature survey. The developments of component based systems are rising as they reduce the development time, effort and cost by means of reuse. After analysis, it has been explored that in order to achieve the quality in a CBSS we need to have the components that are certified through software measure because the predictability of software quality attributes of system depend on the quality attributes of the constituent components, integration process and the framework used.

Keywords: CBSD (component based software development), CBSS (component based software system), quality components, SQA (software quality assurance)

Procedia PDF Downloads 376

Authors: Jay Xiong, Li Lin

Abstract:

This paper introduces a new software engineering paradigm based on complexity science, called NSE (Nonlinear Software Engineering paradigm). The purpose of establishing NSE is to help software development organizations double their productivity, half their cost, and increase the quality of their products in several orders of magnitude simultaneously. NSE complies with the essential principles of complexity science. NSE brings revolutionary changes to almost all aspects in software engineering. NSE has been fully implemented with its support platform Panorama++.

Keywords: complexity science, software development, software engineering, software maintenance

Procedia PDF Downloads 238

Authors: Muhammad Irfan Marwat, Sadaqat Jan, Syed Zafar Ali Shah

Abstract:

Software architecture plays a key role in software development but absence of formal description of software architecture causes different impede in software development. To cope with these difficulties, ontology has been used as artifact. This paper proposes ontology for software architectural design based on IEEE model for architecture description and Kruchten 4+1 model for viewpoints classification. For categorization of style and views, ISO/IEC 42010 has been used. Corpus method has been used to evaluate ontology. The main aim of the proposed ontology is to classify and locate software architectural design information.

Keywords: semantic-based software architecture, software architecture, ontology, software engineering

Procedia PDF Downloads 512

Authors: Kars Beek, Remco Groeneveld, Sjaak Brinkkemper

Abstract:

Although there is much literature available on requirement documentation in traditional software development, few studies have been conducted about this topic in open source software development. While open-source software development is becoming more important, the software development processes are often not as structured as corporate software development processes. Papers show that communities, creating open-source software, often lack structure and documentation. However, most recent studies about this topic are often ten or more years old. Therefore, this research has been conducted to determine if the lack of structure and documentation in requirement engineering is currently still the situation in these communities. Three open-source products have been chosen as subjects for conducting this research. The data for this research was gathered based on interviews, observations, and analyses of feature proposals and issue tracking tools. In this paper, we present a comparison and an analysis of the different methods used for requirements documentation to understand the current practices of requirements documentation in open source software development.

Keywords: case study, open source software, open source software development, requirement elicitation, requirement engineering

Procedia PDF Downloads 66

Authors: Adrian Forca, Simeon Cainday III

Abstract:

The Electronic Payment Recording with Payment History Retrieval Module is developed intendedly for the College of Science and Technology. This system software innovates the manual process of recording the payments done in the department through the development of electronic payment recording system software shifting from the slow and time-consuming procedure to quick yet reliable and accurate way of recording payments because it immediately generates receipts for every transaction. As an added feature to its software process, generation of recorded payment report is integrated eliminating the manual reporting to a more easy and consolidated report. As an added feature to the system, all recorded payments of the students can be retrieved immediately making the system transparent and reliable payment recording software. Viewing the whole process, the system software will shift from the manual process to an organized software technology because the information will be stored in a logically correct and normalized database. Further, the software will be developed using the modern programming language and implement strict programming methods to validate all users accessing the system, evaluate all data passed into the system and information retrieved to ensure data accuracy and reliability. In addition, the system will identify the user and limit its access privilege to establish boundaries of the specific access to information allowed for the store, modify, and update making the information secure against unauthorized data manipulation. As a result, the System software will eliminate the manual procedure and replace with an innovative modern information technology resulting to the improvement of the whole process of payment recording fast, secure, accurate and reliable software innovations.

Keywords: collection, information system, manual procedure, payment

Procedia PDF Downloads 136

Authors: Fawad Zaidi

Abstract:

This paper discusses a variety of challenges and solutions involved with creating computer games and the issues faced by the software engineers working in this field. This review further investigates the articles coverage of project scope and the problem of feature creep that appears to be inherent with game development. The paper tries to answer the following question: Is this a problem caused by a shortage, or bad software engineering practices, or is this outside the control of the software engineering component of the game production process?

Keywords: software engineering, computer games, software applications, development

Procedia PDF Downloads 448

Authors: J. Congalton, K. Logan, B. Crump

Abstract:

Software is a critical aspect of modern life. However it is costly to develop and industry initiatives have focused on reducing costs and improving the productivity. Increasing, software is being developed in teams, and with greater globalization and migration, the teams are becoming more ethnically diverse. This study investigated whether diversity in terms of ethnicity impacted on the productivity of software development. Project managers of software development teams were interviewed. The study found that while some issues did exist due to language problems, when project managers created an environment of trust and friendliness, diversity made a positive contribution to productivity.

Keywords: diversity, project management, software development, team work

Procedia PDF Downloads 340

Authors: Rituraj Deka, Nomi Baruah

Abstract:

The development of information technology during the past few years resulted in designing of more and more complex software. The outsourcing of software development makes a higher requirement for the management of software development project. Various software enterprises follow various paths in their pursuit of excellence, applying various principles, methods and techniques along the way. The new research is proving that CMMI and Agile methodologies can benefit from using both methods within organizations with the potential to dramatically improve business performance. The paper describes a mapping between CMMI key process areas (KPAs) and Feature-Driven Development (FDD) communication perspective, so as to increase the understanding of how improvements can be made in the software development process.

Keywords: Agile, CMMI, FDD, KPAs

Procedia PDF Downloads 427

Authors: M. Sumana, K. S. Hareesha

Abstract:

Secure computations are essential while performing privacy preserving data mining. Distributed privacy preserving data mining involve two to more sites that cannot pool in their data to a third party due to the violation of law regarding the individual. Hence in order to model the private data without compromising privacy and information loss, secure multiparty computations are used. Secure computations of product, mean, variance, dot product, sigmoid function using the additive and multiplicative homomorphic property is discussed. The computations are performed on vertically partitioned data with a single site holding the class value.

Keywords: homomorphic property, secure product, secure mean and variance, secure dot product, vertically partitioned data

Procedia PDF Downloads 387

Authors: E. K. A. Ogunshile

Abstract:

This paper is aimed at creating an Automatic Java X-Machine testing tool for software development. The nature of software development is changing; thus, the type of software testing tools required is also changing. Software is growing increasingly complex and, in part due to commercial impetus for faster software releases with new features and value, increasingly in danger of containing faults. These faults can incur huge cost for software development organisations and users; Cambridge Judge Business School’s research estimated the cost of software bugs to the global economy is $312 billion. Beyond the cost, faster software development methodologies and increasing expectations on developers to become testers is driving demand for faster, automated, and effective tools to prevent potential faults as early as possible in the software development lifecycle. Using X-Machine theory, this paper will explore a new tool to address software complexity, changing expectations on developers, faster development pressures and methodologies, with a view to reducing the huge cost of fixing software bugs.

Keywords: conformance testing, finite state machine, software testing, x-machine

Procedia PDF Downloads 239

Authors: Eugen Neagoe, Victor Balanica

Abstract:

A Smart Building Controller (SBC) is a server software that offers secured access to a pool of building specific resources, executes monitoring tasks and performs automatic administration of a building, thus optimizing the exploitation cost and maximizing comfort. This paper brings to discussion the issues that arise with the secure exploitation of the SBC administered resources and proposes a technical solution to implement a robust secure access system based on roles, individual rights and privileges (special rights).

Keywords: smart building controller, software security, access rights, access authorization

Procedia PDF Downloads 410

Authors: Fazal-e-Amin, Abdullah S. Alghamdi, Iftikhar Ahmad

Abstract:

Software ecosystems’ concept is an inspiration from the natural ecosystem. Software ecosystems refer to large systems developed on top of a platform composed of different components developed by different entities of that ecosystem. Ecosystems improve information access, dissemination and coordination considerably. The ability to evolve and accommodate new subsystems gives a boost to the software ecosystems. In this paper, Saudi education software ecosystem is discussed and its need and potential benefits are highlighted. This work will provide a basis for further research in this area and foundation in development of Saudi education ecosystem.

Keywords: software ecosystem, education software, framework, software engineering

Procedia PDF Downloads 492

Authors: Sarah K. Amer, Nagwa Badr, Osman Ibrahim, Ahmed Hamad

Abstract:

This paper surveys the effectiveness of software process quality assurance frameworks, with some focus on Capability Maturity Model Integration (CMMI) - a framework that has become widely adopted in software organizations. The importance of quality improvement in software development, and the differences in the outcomes of quality framework implementation between Middle Eastern and North African (MENA-region) countries and non-MENA-region countries are discussed. The greatest challenges met in the MENA region are identified, with particular focus on Egypt and its rising software development industry.

Keywords: software quality, software process improvement, software development methodologies, capability maturity model integration

Procedia PDF Downloads 314

Authors: J. Liebenberg, M. Huisman, E. Mentz

Abstract:

It is widely acknowledged that there is a shortage of software developers, not only in South Africa, but also worldwide. Despite reports on a gap between industry needs and software education, the gap has mostly been explored in quantitative studies. This paper reports on the qualitative data of a mixed method study of the perceptions of professional software developers regarding what topics they learned from their formal education and the importance of these topics to their actual work. The analysis suggests that there is a gap between industry’s needs and software development education and the following recommendations are made: 1) Real-life projects must be included in students’ education; 2) Soft skills and business skills must be included in curricula; 3) Universities must keep the curriculum up to date; 4) Software development education must be made accessible to a diverse range of students.

Keywords: software development education, software industry, IT workforce, computing curricula

Procedia PDF Downloads 432

Authors: Dwi Puspita Sari, Gulnur Baltabayeva, Nadia Salman, Maxut Toleuov, Vijay Kanabar

Abstract:

Technology era drives people to use mobile phone to support their daily life activities. Technology development has a rapid phase which pushes the IT company to adjust any technology changes in order to fulfill customer’s satisfaction. As a result of that, many companies in the USA emerged from systematics software development approach to agile software development approach in developing systems and applications to develop many mobile phone applications in a short phase to fulfill user’s needs. As a systematic approach is considered as time consuming, costly, and too risky, agile software development has become a more popular approach to use for developing software including mobile applications. This paper reflects a short-term project to develop a diet tracker mobile application using agile software development that focused on applying scrum framework in the development process.

Keywords: agile software development, scrum, diet tracker, mobile application

Procedia PDF Downloads 220

Authors: Alma Orucevic-Alagic, Martin Höst

Abstract:

Open source communities have demonstrated that complex and enterprise grade software can be produced, supported, and maintained by self-organizing groups of developers using primarily electronic form of communication. Due to the inherent nature of open source development, a specific set of open source software development practices has evolved. While there is an ongoing research on the topic of applicability of open source development practices within a company setting, still little is known about their benefits and challenges. The objective of this research is to understand if and to what degree open source development practices observed within a mature open source community are aligned with development practices within a large software and hardware company setting. For the purpose of this case study a set of open source development practices that are present in a mature open source community has been identified. Then, development practices of a large, international, hardware and software company based in Sweden were assessed and compared to the identified open source community practices. It is shown that there are many similarities between a mature open source community and a large company setting in regard to software development practices. We also identify practices that exist in open source communities and that are not standard within a company setting, but whose implementation can result in an improved software development efficiency within the company setting.

Keywords: development practices, open source software, innersource, closed open source

Procedia PDF Downloads 517