Integrating security and privacy in software development

  • PDF / 2,359,117 Bytes
  • 32 Pages / 439.37 x 666.142 pts Page_size
  • 6 Downloads / 288 Views

DOWNLOAD

REPORT


Integrating security and privacy in software development Maria Teresa Baldassarre 1 & Vita Santa Barletta 1

1

& Danilo Caivano & Michele Scalera

1

# Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

As a consequence to factors such as progress made by the attackers, release of new technologies and use of increasingly complex systems, and threats to applications security have been continuously evolving. Security of code and privacy of data must be implemented in both design and programming practice to face such scenarios. In such a context, this paper proposes a software development approach, Privacy Oriented Software Development (POSD), that complements traditional development processes by integrating the activities needed for addressing security and privacy management in software systems. The approach is based on 5 key elements (Privacy by Design, Privacy Design Strategies, Privacy Pattern, Vulnerabilities, Context). The approach can be applied in two directions forward and backward, for developing new software systems or re-engineering an existing one. This paper presents the POSD approach in the backward mode together with an application in the context of an industrial project. Results show that POSD is able to discover software vulnerabilities, identify the remediation patterns needed for addressing them in the source code, and design the target architecture to be used for guiding privacy-oriented system re-engineering. Keywords Privacy by Design . Security by design . Secure software development . Secure architecture . System re-engineering . Cybersecurity . Application security

* Vita Santa Barletta [email protected] Maria Teresa Baldassarre [email protected] Danilo Caivano [email protected] Michele Scalera [email protected]

1

Department of Computer Science, University of Bari Aldo Moro, Via Orabona 4, 70125 Bari, Italy

Software Quality Journal

1 Introduction Nowadays, software systems and services impact technological layers and different application domains (Baldassarre et al. 2018). The growing dimension and complexity of software increase the range of cyber-attacks, the risk of information exfiltration, and data breach. In this context, Security and Privacy play a major role in preserving the confidentiality, integrity, and availability of data. The number of attacks on information systems has been growing constantly in recent years (IBM 2019). The aim is to steal information and data by exploiting the vulnerabilities within the code (Halkidis et al. 2008). This implies the need to identify and understand (at least) the most common threats to software security, disseminate security best practices, and address the security problem from the early stages of software development. Security should be a basic feature of software applications such as automatically enabling complex password building mechanisms rather than procedures for renewing passwords periodically. The lack of system security can compromise privacy and for this reason priva