Abstract
Software systems are everywhere, and therefore, software security breaches impact every enterprise system. Although the software engineers and system developers are provided with various secure software development guidelines and processes, attacks exploiting software vulnerabilities are on the rise. The prevalence of software vulnerabilities and the increasing number of hacked enterprise systems underline the need for guidance in the design and implementation of secure software. If the software engineers and system developers consider applying and implementing the Secure Design Principles (SDPs), the enterprise systems would be secured against many types of attacks. In this research, we conducted a survey study among participants who have experience in designing and/or developing software (such as native application, browser application, or mobile application) to test their familiarity and working knowledge of SDPs. We also explored if the demographic variables (age, gender, experience, education) are associated with their knowledge of SDPs. We also discovered misconception of secure design principles and gathered participants’ opinions on the ways to implement SDPs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Benzel, T.V., Irvine, C.E., Levin, T.E., Bhaskara, G., Nguyen, T.D., Clark, P.C.: Design principles for security. Technical report, Naval Postgraduate School Monterey CA Department Of Computer Science (2005)
Bishop, M.: Computer Security: Art and Science. Addison Wesley Professional, Westford (2003)
Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 636–654. IEEE (2016)
Hole, K.J., Moen, V., Tjostheim, T.: Case study: online banking security. IEEE Secur. Priv. 4(2), 14–20 (2006)
Inglesant, P., Sasse, M.A., Chadwick, D., Shi, L.L.: Expressions of expertness: the virtuous circle of natural language for access control policy specification. In: Proceedings of the 4th symposium on Usable privacy and security, pp. 77–88 (2008)
Jaferian, P., Rashtian, H., Beznosov, K.: To authorize or not authorize: helping users review access policies in organizations. In: 10th Symposium on Usable Privacy and Security (\(\{\)SOUPS\(\}\) 2014), pp. 301–320 (2014)
McGraw, G.: Software Security: Building Security In, 1st edn. Addison-Wesley Professional, Westford (2006). (Paperback) (Addison-Wesley Professional)
Medvidovic, N., Taylor, R.N.: Software architecture: foundations, theory, and practice. In: 2010 ACM/IEEE 32nd International Conference on Software Engineering, vol. 2, pp. 471–472. IEEE (2010)
Reeder, R.W., et al.: Expandable grids for visualizing and authoring computer security policies. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 1473–1482 (2008)
Saltzer, J., et al.: On the naming and binding of network destinations. In: Local Computer Networks, pp. 311–317 (1993)
Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. Proc. IEEE 63(9), 1278–1308 (1975)
Sistla, A.P., Venkatakrishnan, V., Zhou, M., Branske, H.: CMV: automatic verification of complete mediation for java virtual machines. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 100–111 (2008)
Smith, R.E.: A contemporary look at Saltzer and Schroeder’s 1975 design principles. IEEE Secur. Priv. 10(6), 20–25 (2012)
Syverson, P.: Limitations on design principles for public key protocols. In: Proceedings 1996 IEEE Symposium on Security and Privacy, pp. 62–72. IEEE (1996)
Wood, C.C.: Principles of secure information systems design. Comput. Secur. 9(1), 13–24 (1990)
Wood, C.C.: Principles of secure information systems design with groupware examples. Comput. Secur. 12(7), 663–678 (1993)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Almousa, M., Keshavarz, M., Anwar, M. (2020). Awareness and Working Knowledge of Secure Design Principles: A User Study. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2020. Lecture Notes in Computer Science(), vol 12210. Springer, Cham. https://doi.org/10.1007/978-3-030-50309-3_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-50309-3_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50308-6
Online ISBN: 978-3-030-50309-3
eBook Packages: Computer ScienceComputer Science (R0)