DOI: 10.5176/978-981-08-7656-2_ITS20100-32
Authors: Curtis Busby-Earle and Ezra K. Mugisa
Abstract:
Within recent years software development processes have all but required the inclusion of expertise in methods that attempt to ensure the security of a system. In contemporary software development there are a number of such methods. Many of these methods are however introduced in the latter stages of development or try to address the issues of securing a software system by envisioning possible threats to that system, knowledge thatis usually both subjective and esoteric. In this paper we introduce the concept of path fixation and discuss how contradictory paths or loopholes, discovered during requirements engineering and using only are quirements specification document, can lead to potential security flaws in a proposed system.The SECREt is a proof-of-concept prototype tool developed to demonstrate the effectiveness of loophole analysis.We discuss how the tool performs a loophole analysis and present the results of tests conducted on an actual specification document. We conclude that loophole analysis is an effective, objective method for the discovery ofpotential vulnerabilitites that exist in proposed systems andthat the SECREt can be successfully incorporated into the requirements engineering process.
Updating...