Software Security Engineering Monitoring and Control
2011 (English) Conference paper (Refereed)
Poorly constructed software can induce security weaknesses and defects, which can be exploited by attackers. Despite many security standards and mechanisms, a vast number of software systems have security vulnerabilities. These security problems make it necessary to monitor and control software development and maintenance. In this paper, we propose a multi-agent system that supports security in the development of new systems and the modification of existing systems. The multi-agent system verifies and validates the goals and requirements during the different phases of the development lifecycle. Verification and validation require searching for information and mapping. Searching for information about the project and for security documents, such as risks and lists of threats and vulnerabilities, is performed by software agents. Comparison and analysis of requirements and use cases, as well as the mapping of those to attack patterns, are performed by meta-agents. The proposed multi-agent system supports confidentiality, integrity, availability, accountability, and non-repudiation.
Identifiers: URN: urn:nbn:se:kth:diva-95355; OAI: oai:DiVA.org:kth-95355; DiVA: diva2:527941
The 2010 International Conference on Software Engineering Research and Practice
QC 20120524; 2012-05-23; 2012-05-23; 2012-05-24; Bibliographically approved