Software Security Framework using the Combination of Use-Misuse Diagrams and Test Driven Development

Software Security Framework using the Combination of Use-Misuse Diagrams and Test Driven Development

연구 분야: Software Development

학회: 2021 IEEE 1st International Maghreb Meeting of the Conference on Sciences and Techniques of Automatic Control and Computer Engineering MI-STA

In recent years, Software Security has gained an important role in the research of information systems as the increasing popularity of hacking and attacking software systems. Therefore, the need for security measures grows and many researchers have put security measures into account from the early stages of software development starting from the requirement engineering phase. Traditional security methods introduced numerous approaches to this subject from the identification of security requirements representation using different processes and techniques such as misuse case diagrams and attack trees, etc. However, these approaches focus on identifying security requirements and ignoring their inclusion in the system. This study investigates the problem of embedding security requirements within the system to ensure and improve security. A framework has been proposed to overcome this problem. The framework has been applied to a case study, i.e., Car Rental System and FileZilla FTP Server as verification and evaluation of the concept. An experimental study has been conducted to ensure that the framework can be applied in real-world applications by several software engineers with different expertise and background. A discussion about the evaluation comparison has been taken place to demonstrate the results. The results have been encouraging and prove that the proposed solution is valid.