Systematic secure design guideline to improve integrity and availability of system security
Security is the most important dimension to the systems that involves processing and interchange of confidential information. Therefore it is a must to be designed so that they achieved a high level at security. Security specification languages can be used to represent security specification such as...
| Main Author: | |
|---|---|
| Format: | Thesis |
| Published: |
2013
|
| Subjects: |
| _version_ | 1796858032969220096 |
|---|---|
| author | Krishnan, Ashvini Devi |
| author_facet | Krishnan, Ashvini Devi |
| author_sort | Krishnan, Ashvini Devi |
| collection | ePrints |
| description | Security is the most important dimension to the systems that involves processing and interchange of confidential information. Therefore it is a must to be designed so that they achieved a high level at security. Security specification languages can be used to represent security specification such as attack specification or to be more precise about who can do what and when, and this can be achieved by enforcing access control. The suitable approach to enforce access control is Role- Based Access Control (RBAC). Only secureUML metamodel is using RBAC as security mechanism. However, secureUML metamodel does not indicate the properties of supporting basic security requirements which focusing on integrity and availability, and even the consideration of situation that leads to different possible attacks. The objective of this dissertation is to propose a systematic secure design guideline by enhancing secureUML metamodel. The enhancement is performed by integrating with protection-levels of secured layers which provides protection for the critical assets in various layers to support integrity and availability and to identify possible internal threats based on scenario by using Step-by-Step Secure Design Guideline (3SDG). In order to use the enhanced secureUML metamodel for designing a secure system, it needs to follow 3SDG to identify and validate system process. 3SDG is a guideline which is formed by integrating Comprehensive, Lightweight Application Security Process (CLASP) design steps and Sommerville’s security guideline which most suitable design guideline. Both guidelines are mainly focuses on designing secure system. By using the enhanced secureUML metamodel with 3SDG in a case study, it ables to show the solution for selected internal threats to improve integrity and Availability. This will help security designer provide protection to the computer which the system runs, application and records from threats. This model and the guideline will able to help to design more persistence secure system to maintain security from internal attacks |
| first_indexed | 2024-03-05T19:06:41Z |
| format | Thesis |
| id | utm.eprints-41731 |
| institution | Universiti Teknologi Malaysia - ePrints |
| last_indexed | 2024-03-05T19:06:41Z |
| publishDate | 2013 |
| record_format | dspace |
| spelling | utm.eprints-417312020-06-29T01:10:13Z http://eprints.utm.my/41731/ Systematic secure design guideline to improve integrity and availability of system security Krishnan, Ashvini Devi QA76 Computer software Security is the most important dimension to the systems that involves processing and interchange of confidential information. Therefore it is a must to be designed so that they achieved a high level at security. Security specification languages can be used to represent security specification such as attack specification or to be more precise about who can do what and when, and this can be achieved by enforcing access control. The suitable approach to enforce access control is Role- Based Access Control (RBAC). Only secureUML metamodel is using RBAC as security mechanism. However, secureUML metamodel does not indicate the properties of supporting basic security requirements which focusing on integrity and availability, and even the consideration of situation that leads to different possible attacks. The objective of this dissertation is to propose a systematic secure design guideline by enhancing secureUML metamodel. The enhancement is performed by integrating with protection-levels of secured layers which provides protection for the critical assets in various layers to support integrity and availability and to identify possible internal threats based on scenario by using Step-by-Step Secure Design Guideline (3SDG). In order to use the enhanced secureUML metamodel for designing a secure system, it needs to follow 3SDG to identify and validate system process. 3SDG is a guideline which is formed by integrating Comprehensive, Lightweight Application Security Process (CLASP) design steps and Sommerville’s security guideline which most suitable design guideline. Both guidelines are mainly focuses on designing secure system. By using the enhanced secureUML metamodel with 3SDG in a case study, it ables to show the solution for selected internal threats to improve integrity and Availability. This will help security designer provide protection to the computer which the system runs, application and records from threats. This model and the guideline will able to help to design more persistence secure system to maintain security from internal attacks 2013 Thesis NonPeerReviewed Krishnan, Ashvini Devi (2013) Systematic secure design guideline to improve integrity and availability of system security. Masters thesis, Universiti Teknologi Malaysia, Faculty of Computing. http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:78168?queryType=vitalDismax&query=Systematic+secure+design+guideline+to+improve&public=true |
| spellingShingle | QA76 Computer software Krishnan, Ashvini Devi Systematic secure design guideline to improve integrity and availability of system security |
| title | Systematic secure design guideline to improve integrity and availability of system security |
| title_full | Systematic secure design guideline to improve integrity and availability of system security |
| title_fullStr | Systematic secure design guideline to improve integrity and availability of system security |
| title_full_unstemmed | Systematic secure design guideline to improve integrity and availability of system security |
| title_short | Systematic secure design guideline to improve integrity and availability of system security |
| title_sort | systematic secure design guideline to improve integrity and availability of system security |
| topic | QA76 Computer software |
| work_keys_str_mv | AT krishnanashvinidevi systematicsecuredesignguidelinetoimproveintegrityandavailabilityofsystemsecurity |