Title :
Security Inspection Scenarios A Facet of Security
Author :
Klaus, Alexander ; Elberzhager, Frank
Author_Institution :
Dept. Testing & Inspections, Fraunhofer Inst. Exp. Software Eng. IESE, Kaiserslautern, Germany
Abstract :
Today's software is often subject to attacks that exploit vulnerabilities. Since in the area of security, vulnerabilities are hard to find, quality assurance needs detailed guidance. Focusing on early quality assurance, we propose Security Inspection Scenarios as reading support for static quality assurance. They provide detailed guidance and clear and comprehensible structuring. As the vulnerabilities are partly dependent on the operating system and programming language used, we need to build generic scenarios and instantiate them. In this paper, we show how to create Security Inspection Scenarios, accompanied by a short example demonstrating their usage. After an analysis of the possible benefits of our approach, a proposal for an evaluation is presented. We assume our scenarios support practitioners in a beneficial way and are applicable in most development lifecycles which are interested in security aspects.
Keywords :
inspection; operating systems (computers); programming languages; security of data; software engineering; comprehensible structuring; development lifecycle; operating system; programming language; security aspect; security inspection scenarios; static quality assurance; Computer languages; Inspection; Life testing; Operating systems; Proposals; Quality assurance; Security; Software engineering; Software testing; System testing; Security; inspection; reading support; verification; vulnerability;
Conference_Title :
Advances in System Testing and Validation Lifecycle, 2009. VALID '09. First International Conference on
Conference_Location :
Porto
Print_ISBN :
978-1-4244-4862-3
Electronic_ISBN :
978-0-7695-3774-0
DOI :
10.1109/VALID.2009.10