Software Security Research Papers - Academia.edu (original) (raw)

- by
- •
- Engineering, Computer Science, Software Security, Software Development

Since 2002, over 10% of total cyber vulnerabilities were SQL injection vulnerabilities. Since most developers are not experienced software security practitioners, a solution for correctly fixing SQL injection vulnerabilities that does not require security expertise is desirable. In this paper, we propose an automated method for removing SQL injection vulnerabilities from Java code by converting plain text SQL statements into prepared statements. Prepared statements restrict the way that input can affect the ...

- by asdf asdf
- •
- Computer Science, Software Security, Databases, Software Reliability
- by Marc-andré Laverdière
- •
- Information Security, Software Security, Software Development, Six Sigma
- by Eliot Rich
- •
- Software Security, Software Development, OPERATING SYSTEM, Open Source
- by asdfa sdfasdf
- •
- Software Security

New software security vulnerabilities are discovered on almost daily basis and it is vital to be able to identify and resolve them as early as possible. Fortunately, many software vulnerabilities are recurring or very similar, thus, one could effectively detect and fix a vulnerability in a system by consulting the similar vulnerabilities and fixes from other systems. In this paper, we propose, SecureSync, an automatic approach to detect and provide suggested resolutions for recurring software vulnerabilities on multiple systems ...

- by thành nguyễn
- •
- Software Security, Computational Modeling, Databases, Software

The implementation of software has been challenging for many organizations. As given in the many reports of important failures, the implementation of packaged software and associated changes in business processes has proved not to be an easy mission. As many organizations have discovered, the implementation of software’s systems can be an enormous disaster unless the process is managed cautiously. By calculating and minimizing the major business risks in the first illustration, the scene can be set for the successful performance of software’s organization. Almost every software controlled system faces risk from potential adversaries. Software engineers must be cognizant of these security risk and engineer systems with probable defenses, as still delivering value to customers is priority of an organization.Software security risk management and security assessments essentials reproduces several influences. The maximum documentation arrival on security holders encloses the value to cus...

- by Rajshree Pandey
- •
- Software Security

paper presents a formal approach to threat-driven modeling and verification of secure software using aspect-oriented Petri nets. Based on the behavior model of intended functions, we identify and build formal models of security threats, which are potential misuses and anomalies of the intended functions that violate security goals. Threat mitigations are further modeled in an aspect-oriented paradigm. Taking Petri nets

- by Azzam Mourad
- •
- Information Security, Software Security, Software Development, Six Sigma
- by saikrishna aravalli
- •
- Software Security, Computers, Source Code, Code Obfuscation
- by Songling Huang
- •
- Software Engineering, Software Security, Behavior Analysis, Functional Testing

Agile software development has been used by business to produce a more adaptable and simple software development process, i.e. making it possible to develop software at a faster rate and with more agility during development. There are however concerns that the higher complexity, refactoring rate, and lack of documentation are creating less secure software. Software Security in other hand is one of the most important factors in software projects success, but it costs more time and effort in the software development life cycle and increases the overall complexity of the software project. In this paper, the authors suggest some methodologies that may enhance the overall software security by implementing them into extreme programming (XP) life cycle.

- by Fawaz Khasawneh
- •
- Software Security

org/seas/index Call for Papers 11 th International Conference on Software Engineering and Applications (SEAS 2022) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of Software Engineering and Applications. The goal of this conference is to bring together researchers and practitioners from academia and industry to focus on understanding Modern software engineering concepts and establishing new collaborations in these areas.

- by Tomi Männistö
- •
- Software Security, Software Maintenance, Security Management, Software Metrics

With the current interconnected state of our world, the security of every system is important. More often than not, however, security is treated independent to software. This overlooks a vital security principle; security should be grounded in the same early design and development stages as an application itself. By instead favouring immediate returns over long term benefits, the value of concrete security is commonly undermined. To remedy this, this paper seeks to explore the relaying of security into a fundamental building block of software; namely design patterns.

- by Michael Colesky and +2
- •
- Software Engineering, Software Security, Design Patterns

Abstract-Today's computer systems are under relentless attack from cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. To protect against such threats, we are developing FUZZBUSTER, an automated system that provides adaptive immunity against a wide variety of cyber threats. FUZZBUSTER reacts to observed attacks and proactively searches for never-before-seen vulnerabilities. FUZZBUSTER uses a suite of fuzz testing and vulnerability assessment tools to find or verify the existence of vulnerabilities. Then FUZZBUSTER conducts additional tests to characterize the extent of the vulnerability, identifying ways it can be triggered. After characterizing a vulnerability, FUZZBUSTER synthesizes and applies an adaptation to prevent future exploits.

- by Paul Robertson
- •
- Software Security, Adaptive Immunity, Cyber Security, Vulnerability assessment

Over the past decades, efforts to enhance software development life cycle (SDLC) practices have been shown to improve software quality, reliability, and fault-tolerance. More recently, similar strategies to improve the security of software in organizations such as Microsoft, Oracle, and Motorola have resulted in software products with less vulnerabilities and greater dependability, trustworthiness, and resilience. In its mission to improve the security of software used in America’s critical infrastructure and information systems, the Department of Homeland Security’s (DHS) Software Assurance Program has sponsored the creation of the book Enhancing the Development Life Cycle to Produce Secure Software, a source of practical information intended to help developers, integrators, and testers identify and systematically apply security and assurance principles, methodologies, and techniques to current SDLC practices, and thereby increase the security of the software that results. Unlike t...

- by Karen Mercedes Goertzel
- •
- Software Security, Application Security, Software Assurance

The computer has become indispensable in today’s life, and it is
widely used in many fields of life such as commerce, education,
industry…etc. The computer saves time in regarding to help
solving complex, long, repeated processes in a short time and
high speed. As the software programs need to handle these
features, many companies produce software programs to
facilitate the works for administrations, banks, offices, etc.
Moreover, software has been in used for analyzing information
or solving problems for more than four decades. Creating a
suitable work to develop programs of high quality is the main
goal of the software engineering. Usually, clients seek the
assistance from computer and software engineers to solve and
handle their problems. There are various models have been
widely in used to develop software products. Common models
will be described in this paper.

- by Adel Alshamrani
- •
- Information Security, Software Security, Network Security, Computer Networks

11 th International Conference on Cryptography and Information Security (CRYPIS 2022) focuses on cutting-edge results in Applied Cryptography and Information security. It aims to bring together scientists, researchers and students to exchange novel ideas and results in all aspects of Cryptography, Coding and Information security. Authors are solicited to contribute to the conference by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the following areas, but are not limited to.

Binary code search has received much attention recently due to its impactful applications, e.g., plagiarism detection, malware detection and software vulnerability auditing. However, developing an effective binary code search tool is challenging due to the gigantic syntax and structural differences in binaries resulted from different compilers, architectures and OSs. In this paper, we propose BINGO— a scalable and robust binary search engine supporting various ar-chitectures and OSs. The key contribution is a selective inlining technique to capture the complete function semantics by inlining relevant library and user-defined functions. In addition, architecture and OS neutral function filtering is proposed to dramatically reduce the irrelevant target functions. Besides, we introduce length variant partial traces to model binary functions in a program structure agnostic fashion. The experimental results show that BINGO can find semantic similar functions across architecture and OS boundaries, even with the presence of program structure distortion, in a scalable manner. Using BINGO, we also discovered a zero-day vulnerability in Adobe PDF Reader, a COTS binary.

Static Code Analysis tools can reduce the number of bugs in one program therefore it can reduce the cost of this program. Many developers don’t use these tools losing a lot of time with manual code analysis (in some cases there are no analysis at all) and a lot of money with resources to do the analysis.
In this paper we will test and study the results of three static code analysis tools that by being inexpensive can efficiently remove the most common vulnerabilities in a software. It can be difficult to compare tools with different characteristics but we can get interesting results by testing the tools together.

- by Katsuhisa Maruyama
- •
- Software Security, Information Flow, Source Code, Software Systems

Deployed software, now-a-days, are continuously under attack. Attackers have been exploiting vulnerabilities for decades and seem to be on rise everyday. Firewalls, intrusion detection and antivirus systems cannot simply solve this problem to the desirable extent. The major reason may be the in-built vulnerabilities, which are not curable at these stages. Only a concerted effort, by the software development community for building more secure software can foil attacks and allow users to feel protected from the exploitation. It is observed that each phase of the SDLC should include the appropriate security assurance mechanisms and countermeasures. From requirements through design and implementation, to testing and deployment, security measures must be embedded throughout the SDLC phases. „Access Control and Rights‟ is one of the measure protective mechanisms, which is broadly accepted. Appropriate level of access control may well enforce security features and hence assure security. In...

- by K Mustafa
- •
- Engineering, Software Security, Risk assessment, Risk Assessment

Developing secure web applications that can withstand malicious attacks requires a careful injection of security considerations into early stages of development lifecycle. Assessing security at the requirement analysis stage of the application development life cycle may help in mitigating security defects before they spread their wings into the latter stages of the development life cycle and into the final version of product. In this paper, we present a security metrics model based on the Goal Question Metric (GQM) approach, focusing on the design of the misuse case model. Misuse case is a technique to identify threats and integrate security requirements during the requirement analysis stage. The security metrics model helps in discovering and evaluating the misuse case models by ensuring a defect-free model. Here, the security metrics are based on the OWASP top 10-2010, in addition to misuse case modeling antipattern.

- by Brent Mittelstadt and +4
- •
- Business Ethics, Computer Science, Algorithms, Parallel Algorithms
- by vladan jovanovic
- •
- Software Security, Database Design, Holistic Approach, Queue

Software development paradigms help a software developer to select appropriate strategies to develop software projects. They include various methods, procedures, and tools to describe and define the software development life cycle (SDLC). The waterfall and iterative models are two useful development paradigms, which have been used by various software developers in the last decades. This paper proposes a new software development methodology, called waterative model, which applies an integration of the waterfall and iterative development paradigms. In this model, the iterative model is embedded into the waterfall model to use the advantages of both models as an integrated one. It, in the most cases, is appropriate for large software products that need a long-term period of time for the development process. Experimental results demonstrate that the customer satisfaction score could be high by using the proposed model in various software projects.

- by Mohammad Samadi
- •
- Software Engineering, Software Security, Open Source Software, Software Testing
- by Johnnes Arreymbi
- •
- Software Security, Software Development, Neural Networks, Neural Network

10th International Conference on Software Engineering & Trends (SE 2022) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of Software Engineering. The goal of this conference is to bring together researchers and practitioners from academia and industry to focus on understanding Modern software engineering concepts and establishing new collaborations in these areas.

Secure software development has received lots of
attention in recent years due to the rise of security
breaches attributed to software problems. There have
been several studies that address software security
from different perspectives: security requirements,
security modeling, security testing, security best
practices and standards, static and dynamic analysis
tools, etc. However, there has been no or little research
done in the area of secure programming languages.
Therefore, language–level support for secure coding
warrants further attention and interest. This work is an
attempt to shed light on the requirements in terms of
language constructs that must be available in popular
and widely used object-oriented programming
languages to build secure software. This research work
focuses on the most common security vulnerabilities
and proposes mitigation strategies in terms of
language-level constructs and mechanisms.

Nowadays with the help of e-commerce websites, the companies get a massive opportunity to
present and deliver their products and services to customers and make it available for 24 hours.
By doing so, the companies will be able to reach out to its potential customers since most of
the people started to prefer shopping online due to several benefits such as simplicity and save
time. They are able to select and buy any desired products at any wanted time and pay using
various options such as credit cards or cash as well. Because of these benefits, most of the
companies tend to have e-commerce websites where the customers are simply required to visit
the website, view the product, add it to the shopping cart and pay. Then the purchased orders
will be delivered to the mentioned destination on time (Ferreira, N. M, 2018).
Also, the e-commerce web application allows customers to post and submit their feedback
regarding several elements such as about the product, the delivery service, and e-commerce
services. By providing this type of feedback, the company will be able to improve their services
and enhance them better, since keeping in touch with the customers is very necessary in order
to know the customer’s opinion time (Ferreira, N. M, 2018).

- by Ali Fathi A L I Sawehli
- •
- Software Engineering, Software Security, Web Design, Web Applications

Practices shows that the software quality is not that high as it could be. Development organizations spend a relatively large amount of money and effort on fixing quality issues during late stage development of software. One of the qualities of software that has received significant attention in recent years is durable serviceability. Software with poor durability is likely to fail in a highly competitive market; therefore, software developing organizations are paying more attention towards ensuring the durability of their software. To be able to develop durable software cost-effectively, there is a need to investigate the connection between durability characteristics and software. In software engineering, durability depends on four characteristics mainly; i.e. trustworthiness, human trust, dependability and usability of software. To address the relationship between these characteristics, software designers analyze the durability requirements which may need to be implemented to fulfill these specific requirements of software serviceability. The main objective of this article is to gain an in-depth understanding of the relationship between software and durability characteristics.

- by Francesco Gadaleta
- •
- Operating Systems, Software Security, Virtualization

ABSTRACT Nekada su se problemima sigurnosti računarskih sistema i mreža bavile vojska, diplomatija, policija i vlade. Sada to postaje problem svih koji obavljaju bankarske transakcije sa svog računa ili kupuju preko Interneta. Napadači imaju brojne prednosti, od kojih je najveća mogućnost iznenađenja, tj. mogućnost izbora vremena, mesta i načina napada. Lica zadužena za odbranu sistema moraju uvek biti spremna, na svakom mestu i za sve načine napada. Ova sveobuhvatna, jasna i sistematična knjiga posvećena je osnovnim teorijskim i praktičnim konceptima sigurnosti informacionih i komunikacionih tehnologija. Objašnjava pretnje, napade i opasnosti, kao i metode, postupke i proizvode koji služe za zaštitu. Pogodna je i za početnike i za napredne korisnike, za programere, administratore, projektante i ostale profesionalce u ovoj oblasti. Pravi je udžbenik za studente i učenike koji izučavaju ovu oblast na fakultetima i u školama. Namenjena je i menadžmentu kompanija čije se poslovanje oslanja na računarske sisteme i mreže. Teorijska objašnjenja i praktični primeri strukturirani su tako da čitaoce postupno uvode u pojedina područja sigurnosti, objašnjavaju osnovne sigurnosne usluge i zaštitne mehanizme i obučavaju ih kako da zaštite svoj računar, mrežu, izvorni kôd ili bazu podataka. Jednostavnije – cilj autora je da čitaoce nauče kako da zaštite svoju imovinu, a ne da napadaju tuđu.

As a freely downloadable reference document, “Security in the Software Life Cycle: Making Application Development Processes – and Software Produced by Them – More Secure” presents key issues in the security of software and its development processes. It introduces a number of process improvement models, risk management and development methodologies, and sound practices and supporting tools that have been reported to help reduce the vulnerabilities and exploitable defects in software and diminish the possibility that malicious logic and trap doors may be surreptitiously introduced during its development. No single practice, process, or methodology offers the universal silver bullet for software security. “Security in the Software Life Cycle” has been compiled as a reference document with practical guidance intended to tie it together and inform software practitioners of a number of practices and methodologies from which they can evaluate and selectively adopt to reshape their development processes to increase not only the security but also the quality and reliability of their software applications, services, and systems, both in development and deployment.

- by Karen Mercedes Goertzel
- •
- Software Security, Application Security, Software Assurance