Abstract
The main problem faced by system administrators nowadays is the protection of data against unauthorized access or corruption due to malicious actions. In fact, due to the impressive growth of the Internet, software security has become a vital concern in any information infrastructure. Unfortunately, software security is still commonly misunderstood. This chapter presents key security concepts and provides the basis for understanding the existing challenges in developing and deploying secure software systems.
Copyright information
© 2013 Springer-Verlag Italia
About this chapter
Cite this chapter
Vieira, M., Antunes, N. (2013). Introduction to Software Security Concepts. In: Cotroneo, D. (eds) Innovative Technologies for Dependable OTS-Based Critical Systems. Springer, Milano. https://doi.org/10.1007/978-88-470-2772-5_3
DOI: https://doi.org/10.1007/978-88-470-2772-5_3
Publisher Name: Springer, Milano
Print ISBN: 978-88-470-2771-8
Online ISBN: 978-88-470-2772-5
eBook Packages: Computer Science, Computer Science (R0)