Title page for ETD etd-12172009-231623


Type of Document Master's Thesis
Author Clagett II, Lee Manning
Author's Email Address lclagett@vt.edu
URN etd-12172009-231623
Title Security Requirements for the Prevention of Modern Software Vulnerabilities and a Process for Incorporation into Classic Software Development Lifecycles
Degree Master of Science
Department Computer Science
Advisory Committee
Advisor Name Title
Arthur, James D. Committee Chair
Balci, Osman Committee Member
Marchany, Randolph C. Committee Member
Keywords
  • Access Driven VV&T
  • Assumptions
  • Constraints
  • Requirements
  • Vulnerabilities
  • Software Security
Date of Defense 2009-12-14
Availability unrestricted
Abstract
Software vulnerabilities and their associated exploits have been increasing over the last several years - this research attempts to reverse that trend. Currently, security experts recommend that concerns for security start at the earliest stage possible, generally during the requirements engineering phase. Having a set of security requirements enables the production of a secure design, and product implementation. Approaches for creating security requirements exist, but all have a similar limitation - a security expert is required.

This research provides a set of software security requirements that mitigate the introduction of software vulnerabilities, and reduces the need for security expertise. The security requirements can be implemented by software engineers with limited security experience, and be used with any computer language or operating system. Additionally, a tree structure, called the software security requirements tree (SSRT), is provided to support security requirement selection, based on project characteristics. A graphical interface for the SSRT is provided through a prototype Java tool, to support the identification and selection of appropriate software security requirements.

This research also provides a set of security artifacts to support a comprehensive verification, validation, and testing (VV&T) strategy. Those artifacts are generic, and represent design and implementation elements reflecting software security requirements. The security artifacts are used in verification strategies to confirm their necessity and existence in the actual design and implementation products.

Files
  Filename       Size       Approximate Download Time (Hours:Minutes:Seconds) 
 
 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access 
  Clagett_LM_T_2009.pdf 2.50 Mb 00:11:33 00:05:56 00:05:12 00:02:36 00:00:13

Browse All Available ETDs by ( Author | Department )

dla home
etds imagebase journals news ereserve special collections
virgnia tech home contact dla university libraries

If you have questions or technical problems, please Contact DLA.