Identifying emerging security concepts using software artifacts through an experimental case

Gastón Márquez, Paulina Silva, Rene Noël, Santiago Matalonga, Hernán Astudillo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The development of secure software systems is an increasingly important research topic in software engineering. Several authors have proposed methods, techniques and tools for software development practices in order to identify and/or mitigate security threats. These methods and techniques are based on traditional software engineering artifacts, such as Use Cases, Activity Diagrams and Domain Models. However, the lack of scientific evidence of the quality or efficiency of these methods leads us to question whether this approach is necessary for software security experts. This article proposes an experimental approach to explore whether software development artifacts are relevant when making security decisions in software development, and how they are used. We designed a survey in order to ask these questions of software security and architecture experts. We used the Constant Comparison Method in order to find emerging security theories about software artifacts, grounded in the answers of the experts. Our results add experimental evidence on the use and usefulness of software development artifacts in helping to reduce security vulnerabilities in practice, from the experts' point of view. Our results add experimental evidence on the use and usefulness of software development artifacts to evaluate security from the point of view of the experts. Our evidence suggests that not all software artifacts are equally useful in the design of secure architectures, with "Use Cases" and "Class Diagrams" considered the most useful artifacts according to our respondents. Also, our evidence suggests that experts do not agree on the importance of analyzing security concerns throughout the whole software life cycle, nor on the abstraction level required for this task.
Original language: English
Title of host publication: 34th International Conference of the Chilean Computer Science Society (SCCC), 2015
Publisher: IEEE
Pages: 1-6
ISBN (Electronic): 978-1-4673-9817-6, 978-1-4673-9816-9
DOIs
Publication status: Published - 2015
Externally published: Yes

Keywords

  • Software Architecture
  • Software Engineering
  • Empirical Software Engineering
