Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Controlling Security of Software Development with Multi-agent System
KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.
KTH, School of Information and Communication Technology (ICT), Communication Systems, CoS.ORCID iD: 0000-0002-9255-9236
2010 (English)In: KNOWLEDGE-BASED AND INTELLIGENT INFORMATION AND ENGINEERING SYSTEMS / [ed] Setchi R; Jordanov I; Howlett RJ; Jain LC, 2010, Vol. 6279, 98-107 p.Conference paper, Published paper (Refereed)
Abstract [en]

Software systems become distributed and complex. Distributed systems are crucial for organizations since they provide possibility to share data and information, resources and services. Nowadays, many software systems are not developed from scratch: system development involves reuse of already developed components. However, with the intrusion in the computer systems, it has become important that systems must fulfill security goals and requirements. Moreover, interdependencies of components create problems during integration phase. Therefore, security properties of components should be considered and evaluated earlier in the lifecycle. In this paper, we propose an agent-oriented process that supports verification of fulfillment of security goals and validation of security requirements during different phases of development lifecycle. Moreover, the system needs to support mapping of security requirements to threat list to determine if any of the attacks in the list is applicable to the system to be developed. This is performed by the meta-agents. These meta-agents automatically create a security checklist, as well as, provide control of actions taken by human agent.

Place, publisher, year, edition, pages
2010. Vol. 6279, 98-107 p.
Series
Lecture Notes in Artificial Intelligence, ISSN 0302-9743 ; 6279
Keyword [en]
Multi-agent system, security engineering, risk management, security checklist, control system
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:kth:diva-33476ISI: 000289445700011Scopus ID: 2-s2.0-78649296403ISBN: 978-3-642-15383-9 (print)OAI: oai:DiVA.org:kth-33476DiVA: diva2:417200
Conference
14th Interntional Conference on Knowledge-Based and Intelligent Information and Engineering Systems
Note
QC 20110516Available from: 2011-05-16 Created: 2011-05-09 Last updated: 2012-05-24Bibliographically approved
In thesis
1. Integrating Security in Software Engineering Process: The CSEP Methodology
Open this publication in new window or tab >>Integrating Security in Software Engineering Process: The CSEP Methodology
2012 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

In today’s organizations, a vast amount of existing software systems is insecure, which results in compromised valuable assets and has negative consequences on the organizations. Throughout the years, many attempts have been made to build secure software systems, but the solutions proposed were limited to a few add-on fixes made after implementation and installation of the system.The contribution of the research in this thesis is a software security engineering methodology, called Controlled Security Engineering Process, which provides support to developers when developing more secure software systems by integrating software lifecycle and security lifecycle, and enhancing the control in the engineering process. The proposed methodology implements security in every phase of general software system engineering, i.e., requirement, design, implementation, and testing, as well as operation and maintenance to certify that software systems are built with security in mind.The Controlled Security Engineering Process methodology addresses security problems in the development lifecycle. Construction of a secure software system involves specific steps and activities, which include security requirements specifications of system behavior, secure software design, an analysis of the design, implementation, with secure coding and integration, and operating and maintenance procedures.The methodology incorporates software security patterns and control of the engineering process. The software security patterns can be used as security controls and information sources to demonstrate how a specific security task should be performed or a specific security problem solved. Many patterns can be implemented in an automated way, which can facilitate the work of software engineers.The control of the engineering process provides visibility over the development process. The control assures that authorised developers access legitimate and necessary information and projects’ documents by using authentication, and authorization.To support implementation of automated patterns and provide control over the engineering process, a design of a multi-agent system is provided. The multi-agent system supports implementation of patterns and extracting security information, and provides traceability in the engineering process. The security information is requirements, threats and security mechanisms that are provided by matching project documents, and traceability is achieved by monitoring and logging services.The Controlled Security Engineering Process methodology has been evaluated through interviews with developers, security professionals, and decision makers in different types of organizations but also through a case study which was carried out in an organization.

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2012. v, 79 p.
Series
TRITA-ICT-ECS AVH, ISSN 1653-6363 ; 12:03
National Category
Information Systems
Identifiers
urn:nbn:se:kth:diva-95393 (URN)
Public defence
2012-06-05, Sal D KTH-ICT, Forum, Isafjordsgatan 39, Kista, 13:00 (English)
Opponent
Supervisors
Note

QC 20120514

Available from: 2012-05-24 Created: 2012-05-23 Last updated: 2014-01-24Bibliographically approved

Open Access in DiVA

No full text

Scopus

Authority records BETA

Håkansson, Anne

Search in DiVA

By author/editor
Moradian, EsmiraldaHåkansson, Anne
By organisation
Communication Systems, CoS
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 60 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf