The security of computer applications during the design phase of SDLC is a critical issue for the safety and performance of these applications. This paper analyzes the various security techniques used to protect computer applications during their designing phase.
The Software Development Life Cycle results in a quality system that can meet or exceed the requirements of the customers. SDLC can be a specific process in the computer industry as it has four basic phases. The identification phase, development of alternatives, selection phase, and evaluation phase. It has six distinct phases which utilize the four phases mentioned previously. The first phase involved evaluating the system. The second phase is the analysis phase in which new system requirements are defined (Morie, 1999). The third phase is the design phase in which plans about hardware, operating systems, programming, communications, and security issues are discussed. The fourth phase is the development phase in which new components are obtained and installed. The system implementation phase is the fifth phase as it involves replacing the old system with the new system (elucidata.com, 2007). Finally, the new system was evaluated and maintained in the maintenance phase. Security is a critical issue at the design phase of the Software Development Life Cycle (Lee, 1999).
Threat modeling is a security method in which software applications are evaluated for any security holes and how they might be exploited. Modern threat modeling is performed by software engineers by using the perspective of adversaries (Lee, 2007). These techniques can include penetration testing and code review. These methods are limited in performance because they can be executed only after an application has been developed. Any software security problems might result in software engineers designing and modifying the software once more. This can be an expensive and burdening task for organizations. Security bugs can seriously affect the software more than functionality bugs. Any serious security bug might result in the software being rewritten which can be expensive in terms of time and money. Threat modeling also can be used by software engineers to examine potential threats (Lee, 2007). Countermeasures are designed during the design phase of the SDLC. Application requirements and objectives are usually the first phases of threat modeling. The application is designed by taking into account the user roles, components, and architecture of the application. Any threats to integrity, confidentiality, and availability are identified and countermeasures are implemented to counter such threats.
Another security method during the SDLC design phase is the use of attack trees. These are tools that use diagrams to identify threats to computer software. They consist of multi-level diagrams which have one root, leaves, and children. These diagrams plot the potential paths leading to the completion of the attack (Schneier, 1999). They are useful in determining the existence of threats and ways to counter them. Attack trees can be helpful in defining a security strategy, but implementing the policy can change the attack tree. Software engineers usually minimize the security threat by mitigating it close to the root of the attack tree. However, while reducing one threat, a different set of threats on the tree can also be generated.
Attack patterns are used by software engineers during the Software Development Life Cycle to find any errors related to software security. They are useful for providing testing purposes and to prevent vulnerabilities of software. They can be used to harden and protect software applications (Willemssen, 2000). They provide the solutions to preventing any attack. Attack patterns are categorized according to architecture, physical and external threats. They can also be categorized based on the technology used like database attack patterns, network attack patterns, etc. Architectural attack patterns can be used to find flaws in the architecture of software applications. Weaknesses in protocols, authentication strategies, and system modularization are identified by these attack patterns. Physical attack patterns target the source code of the application. External attack patterns can include malicious code like Trojans, viruses, and worms which exploit vulnerabilities in software to gain access or cause disruption. Attack patterns are like design patterns that help their development and ensures that they are properly documented (Amoroso, 1994).
Unless is an extension of Unified Modeling Language (UML) which provides security enhancements for software applications. It uses UML specifications for identifying vulnerabilities in software. Security engineering patterns are used during the design phase of the Software Development Life Cycle. Security policy is defined in UMLSec to enforce the security requirements of applications. It evaluates different threats by studying the strengths of potential adversaries. Secrecy and integrity are the security requirements that can be used by UMLSec (Anderson, 2003). Other security mechanisms like access control can also be incorporated into software applications using UMLSec. Java and Smartcards are optional security requirements that can be added to any software application by this tool. Access decisions can be made using secure log keeping for audit control in software programs. unless ensures that every object in any programming technology is checked for authority.
This is a modeling language that is derived from UML-based models. It provides relevant information for access control. It provides a vocabulary for assigning user rights, roles, and roles permissions for any software application. It is well suited for business analysis and design models for different technologies (Lodderstedt, 2005). SecureUML is used together with a host language to provide access control security mechanisms for software applications. It can be used in model-driven software to create secure access control infrastructures. This enhances the productivity, development, and quality of software applications.
Security patterns describe frequent solutions to security problems in software applications. They are formats for identifying security threats and frequent security problems which are present in software applications. Security patterns have names that provide an image of what the pattern might be about. They are also based upon security scenarios that identify the general conditions in which any security threat is occurring. They also list countermeasures for potential security risks (Schumacher, 2001). A problem is usually defined in security patterns which are elaborated by the viewpoint of the software engineers involved in the process. Any computer application which does not have adequate protection against abuse is identified. The threat can be a possible vulnerability in the application which can be used by intruders to cause disruption or damage (Schumacher, 2001). Solutions are also defined in the problem which is determined by the context of the pattern. Security objectives are written down in the security patterns. Countermeasures can be applied to reduce the security risk. Security patterns are not isolated but created with the context of other security patterns to help contain and counter any security threats to computer software applications.
Software security during the design phase of the Software Development Life Cycle is very important because of the multiple security threats which exist. Threat modeling is a form of security measure which takes on the role of adversaries to identify potential security risks to computer software. unless and SecureUML is extension of Unified Modeling Language to identify and protect the security of applications. Attack patterns, attack trees, and security patterns are tools that are also used to identify and mitigate risks to computer applications.
Amoroso, Edward (1994). Fundamentals of Computer Security (in English). Upper Saddle River: Prentice Hall.
C. Willemssen, “FAA Computer Security”. GAO/T-AIMD-00-330. Presented at Committee on Science, House of Representatives, 2000.
E. Stewart Lee: Essays about Computer Security Cambridge, 1999. Lee, Adam J, (2007).Threat Modeling as a Basis for Security Requirements. National Center for Security Requirements.
Lodderstedt, Torsten (2005).SecureUML: A UML-Based Modeling Language forModel-Driven Security. Institute for Computer Science, University of Freiburg, Germany.
Morrie Gasser: Building a secure computer systems 1999. Ross J. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems 2003. Schneier, Bruce. Attack Trees. Dr Dobb’s Journal, v.24, n.12.
Schumacher, Markus (2001). Security Engineering with Patterns. Darmstadt University of Technology Department of Computer Science.
The Software Development Life Cycle (SDLC) For Small To Medium Database Applications. (2007). Web.