English
Related papers

Related papers: Checking Security Compliance between Models and Co…

200 papers
Can I Check What I Designed? Mapping Security Design DSLs to Code Analyzers

When assessing the potential impact of code-level vulnerabilities, e.g., discovered by automated analyzers, it is essential to consider them in the context of the system's security design. However, this is a challenging task due to the…

Cryptography and Security · Computer Science 2026-05-11 Sven Peldszus , Frederik Reiche , Kevin Hermann , Sophie Corallo , Thorsten Berger , Robert Heinrich
A Novel Approach to Identify Security Controls in Source Code

Secure by Design has become the mainstream development approach ensuring that software systems are not vulnerable to cyberattacks. Architectural security controls need to be carefully monitored over the software development life cycle to…

Software Engineering · Computer Science 2023-07-13 Ahmet Okutan , Ali Shokri , Viktoria Koscinski , Mohamad Fazelinia , Mehdi Mirakhorli
Checking Security Policy Compliance

Ensuring compliance of organizations to federal regulations is a growing concern. This paper presents a framework and methods to verify whether an implemented low-level security policy is compliant to a high-level security policy. Our…

Cryptography and Security · Computer Science 2008-10-01 Vaibhav Gowadia , Csilla Farkas , Michiharu Kudo
Stateless Code Model Checking of Information Flow Security

Observational determinism is a security property that characterizes secure information flow for multithreaded programs. Most of the methods that have been used to verify observational determinism are based on either type systems or…

Programming Languages · Computer Science 2016-03-14 Elaheh Ghassabani , Mohammad Abdollahi Azgomi
Integration of Security Modules in Software Development Lifecycle Phases

Information protection is becoming a focal point for designing, creating and implementing software applications within highly integrated technology environments. The use of a safe coding technique in the software development process is…

Software Engineering · Computer Science 2020-12-11 Isaac Chin Eian , Lim Ka Yong , Majesty Yeap Xiao Li , Noor Affan Bin Noor Hasmaddi , Fatima-tuz-Zahra
Quantitative Information Flow Control by Construction for Component-Based Systems

Secure software architecture is increasingly important in a data-driven world. When security is neglected sensitive information might leak through unauthorized access. To mitigate this software architects needs tools and methods to quantify…

Software Engineering · Computer Science 2024-01-17 Rasmus Carl Rønneberg
How Dataflow Diagrams Impact Software Security Analysis: an Empirical Experiment

Models of software systems are used throughout the software development lifecycle. Dataflow diagrams (DFDs), in particular, are well-established resources for security analysis. Many techniques, such as threat modelling, are based on DFDs…

Software Engineering · Computer Science 2024-01-10 Simon Schneider , Nicolás E. Díaz Ferreyra , Pierre-Jean Quéval , Georg Simhandl , Uwe Zdun , Riccardo Scandariato
Feature-Based Software Design Pattern Detection

Software design patterns are standard solutions to common problems in software design and architecture. Knowing that a particular module implements a design pattern is a shortcut to design comprehension. Manually detecting design patterns…

Software Engineering · Computer Science 2021-12-03 Najam Nazar , Aldeida Aleti , Yaokun Zheng
Awareness of Secure Coding Guidelines in the Industry -- A first data analysis

Software needs to be secure, in particular, when deployed to critical infrastructures. Secure coding guidelines capture practices in industrial software engineering to ensure the security of code. This study aims to assess the level of…

Software Engineering · Computer Science 2021-01-07 Tiago Espinha Gasiba , Ulrike Lechner , Maria Pinto-Albuquerque , Daniel Mendez Fernandez
An Advanced Approach for Choosing Security Patterns and Checking their Implementation

This paper tackles the problems of generating concrete test cases for testing whether an application is vulnerable to attacks, and of checking whether security solutions are correctly implemented. The approach proposed in the paper aims at…

Software Engineering · Computer Science 2020-07-08 Sébastien Salva , Loukmen Regainia
Finding Software Vulnerabilities in Open-Source C Projects via Bounded Model Checking

Computer-based systems have solved several domain problems, including industrial, military, education, and wearable. Nevertheless, such arrangements need high-quality software to guarantee security and safety as both are mandatory for…

Cryptography and Security · Computer Science 2023-11-13 Janislley Oliveira de Sousa , Bruno Carvalho de Farias , Thales Araujo da Silva , Eddie Batista de Lima Filho , Lucas C. Cordeiro
Semi-Automated Threat Modeling of Cloud-Based Systems Through Extracting Software Architecture from Configuration and Network Flow

Traditional threat modeling occurs during design, but cloud deployments introduce unanticipated threats, especially multi-stage attacks chaining vulnerabilities across trust boundaries. Existing security tools analyze components in…

Cryptography and Security · Computer Science 2026-03-25 Nicholas Pecka , Lotfi Ben Othmane , Bharat Bhargava , Renee Bryce
Reasoning about inter-procedural security requirements in IoT applications

The importance of information security dramatically increased and will further grow due to the shape and nature of the modern computing industry. Software is published at a continuously increasing pace. The Internet of Things and security…

Cryptography and Security · Computer Science 2022-05-10 Mattia Paccamiccio , Leonardo Mostarda
An Exploratory Study on the Engineering of Security Features

Software security is of utmost importance for most software systems. Developers must systematically select, plan, design, implement, and especially, maintain and evolve security features -- functionalities to mitigate attacks or protect…

Software Engineering · Computer Science 2025-09-30 Kevin Hermann , Sven Peldszus , Jan-Philipp Steghöfer , Thorsten Berger
A formal methodology for integral security design and verification of network protocols

We propose a methodology for verifying security properties of network protocols at design level. It can be separated in two main parts: context and requirements analysis and informal verification; and formal representation and procedural…

Cryptography and Security · Computer Science 2013-10-29 Jesus Diaz , David Arroyo , Francisco B. Rodriguez
Tracing Execution of Software for Design Coverage

Test suites are designed to validate the operation of a system against requirements. One important aspect of a test suite design is to ensure that system operation logic is tested completely. A test suite should drive a system through all…

Software Engineering · Computer Science 2016-11-15 Raimondas Lencevicius , Edu Metz , Alexander Ran
Characterizing and Understanding Software Developer Networks in Security Development

To build secure software, developers often work together during software development and maintenance to find, fix, and prevent security vulnerabilities. Examining the nature of developer interactions during their security activities…

Software Engineering · Computer Science 2019-07-30 Song Wang , Nachi Nagappan
Experimental Security Analysis of Controller Software in SDNs: A Review

The software defined networking paradigm relies on the programmability of the network to automatically perform management and reconfiguration tasks. The result of adopting this programmability feature is twofold: first by designing new…

Networking and Internet Architecture · Computer Science 2019-06-25 Tiago V. Ortiz , Bruno Kimura , Jó Ueyama , Valério Rosset
Risk Assessment, Threat Modeling and Security Testing in SDLC

The software development process is considered as one of the key guidelines in the creation of said software and this approach is necessary for providing a more efficient yet satisfactory output. Without separation of work into distinct…

Software Engineering · Computer Science 2020-12-15 Alya Hannah Ahmad Kamal , Caryn Chuah Yi Yen , Gan Jia Hui , Pang Sze Ling , Fatima-tuz-Zahra
Inspection Guidelines to Identify Security Design Flaws

Recent trends in the software development practices (Agile, DevOps, CI) have shortened the development life-cycle causing the need for efficient security-by-design approaches. In this context, software architectures are analyzed for…

Software Engineering · Computer Science 2019-06-06 Katja Tuma , Danial Hosseini , Kyriakos Malamas , Riccardo Scandariato
‹ Prev 1 2 3 10 Next ›