
Part of the book series: Lecture Notes in Computer Science (LNAI, volume 5712)

Abstract

Organizations integrate different systems and software applications in order to provide a complete set of services to their customers. However, different types of organizations face a common problem today, namely security problems in their systems. The reason is that the focus is on functionality rather than security. Besides that, security, if considered, comes too late in the system and software engineering processes, often during the design or implementation phase. Moreover, the majority of system engineers do not have knowledge of security, and security experts are rarely involved in the development process. Thus, systems are not developed with security in mind, which usually leads to problems and security breaches. We propose an approach for integrating security throughout the engineering process. To assure that the necessary actions concerning security have been taken during the development process, we propose semi-automated preventive controls.




© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Moradian, E. (2009). System Engineering Security. In: Velásquez, J.D., Ríos, S.A., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based and Intelligent Information and Engineering Systems. KES 2009. Lecture Notes in Computer Science, vol 5712. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04592-9_102


  • DOI: https://doi.org/10.1007/978-3-642-04592-9_102

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04591-2

  • Online ISBN: 978-3-642-04592-9

  • eBook Packages: Computer Science (R0)
