Embedding Model Driven Security Policies

Embedding Model-Driven Security Policies in Software Development

Abstract—Security in software applications is frequently an afterthought. Security testing is often conducted at the end of the development life cycle, due either to a lack of security development experience or to the absence of security requirement definitions at the beginning. Despite developers' awareness of security vulnerabilities, they possess little or no knowledge of how to implement methods to secure data and applications. In addition, the lack of support for tools and security automation…
Besides, many cyber security practitioners focus on the promise of network security as a kind of silver-bullet solution [3]. Without security design upfront, developers will need to fit the security design in late in the development phase, which often involves a high level of redesign and code refactoring, causing delays in delivery dates and increasing the cost of fixing security problems. Companies from different sectors have spent considerable amounts of money to secure their systems, but it seems that something is wrong with current practices, since data breaches are reported constantly and have resulted in millions in losses across various incidents [5]. For example, an attack on direct marketer Epsilon put an estimated 60 million records at risk. In another incident, one million passwords were stolen from Sony Pictures, 77 million accounts were compromised at the company's PlayStation Network, and 25 million records were breached at Sony Online Entertainment [4]. With the introduction of distributed systems, especially systems that are Internet enabled, securing data is one of the major priorities for organizations. Protecting data in motion is one of the main challenges for web applications [4]. An eavesdropper can listen to data in transmission, so it is important to keep sensitive data confidential from unauthorized parties. Another common vulnerability is the lack of an access control mechanism to