Identifying emerging security concepts using software artifacts through an experimental case

Gastón Márquez, Paulina Silva, Rene Noël, Santiago Matalonga, Hernán Astudillo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The development of secure software systems is an increasingly important research topic in software engineering. Several authors have proposed methods, techniques and tools for software development practices in order to identify and/or mitigate security threats. These methods and techniques are based on traditional software engineering artifacts, such as Use Cases, Activity Diagrams and Domain Models. However, the lack of scientific evidence of the quality or efficiency of these methods leads us to question if this approach is necessary for software security experts. This article proposes an experimental approach to explore if software development artifacts are relevant when making security decisions in software development, and how they are used. We have designed a survey in order to ask these questions to software security and architecture experts. We used the Constant Comparison Method in order to find emerging security theories about software artifacts, grounded in the answers of the experts. Our results add experimental evidence into the use and usefulness of software development artifacts in helping to reduce security vulnerabilities in practice, from the experts' point of view. Our results add experimental evidence into the use and usefulness of software development artifacts to evaluate the security from the point of view of the experts. Our evidence suggests that not all software artifacts are equally useful in the design of secure architectures, with "Use Cases" and "Class Diagrams" considered the most useful artifacts according to our respondents. Also, our evidence suggests that experts do not agree on the importance of analyzing security concerns throughout the whole software life cycle, nor on the abstraction level required for this task.

Original language: English
Title of host publication: 34th International Conference of the Chilean Computer Science Society (SCCC), 2015
Publisher: IEEE
Pages: 1-6
ISBN (Electronic): 978-1-4673-9817-6, 978-1-4673-9816-9
DOI: https://doi.org/10.1109/SCCC.2015.7416581
Publication status: Published - 2015
Externally published: Yes

Fingerprint

Software engineering
Life cycle

Keywords

  • Software Architecture
  • Software Engineering
  • Empirical Software Engineering

Cite this

Márquez, G., Silva, P., Noël, R., Matalonga, S., & Astudillo, H. (2015). Identifying emerging security concepts using software artifacts through an experimental case. In 34th International Conference of the Chilean Computer Science Society (SCCC), 2015 (pp. 1-6). IEEE. https://doi.org/10.1109/SCCC.2015.7416581