Idea: Interactive Support for Secure Software Development

  • Jing Xie
  • Bill Chu
  • Heather Richter Lipford
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6542)

Abstract

Security breaches are often caused by software bugs, which may frequently be due to developers’ memory lapses, lack of attention/focus, and knowledge gaps. Developers have to contend with heavy cognitive loads to deal with issues such as functional requirements, deadlines, security, and runtime performance. We propose to integrate secure programming support seamlessly into Integrated Development Environments (IDEs) in order to help developers cope with their heavy cognitive load and reduce security errors. As proof of concept, we developed a plug-in for Eclipse’s Java development environment. Developers will be alerted to potential secure programming concerns, such as input validation, data encoding, and access control as well as encouraged to comply with secure coding standards.

Keywords

security software development secure programming code refactoring code annotation 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Hafiz, M., Adamczyk, P., Johnson, R.: Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations. In: Massacci, F., Redwine Jr., S.T., Zannone, N. (eds.) ESSoS 2009. LNCS, vol. 5429, pp. 75–90. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Evans, K., Reeder, F.: A Human Captial Crisis in Cybersecurity. Center for Strategic and International Studies (2010)Google Scholar
  3. 3.
    Ko, A., Myers, B.: A framework and methodology for studying the causes of software errors in programming systems. Journal of Visual Languages and Computing 16, 41–84 (2005)CrossRefGoogle Scholar
  4. 4.
    Knuth, D.: The errors of TeX–Software: Practice and Experience, vol. 19(7), pp. 607–685 (1989)Google Scholar
  5. 5.
    McGraw, G., Chess, B., Migues, S.: Building Security in Maturity Model (2009), http://www.www.bsimm2.com
  6. 6.
    Preece, J., Sharp, H., Rogers, Y.: Interaction design: Beyond human-computer interaction. Wiley, Indianapolis (2007)Google Scholar
  7. 7.
    Reason, J.: Human Error. Cambridge University Press, Cambridge (1990)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Jing Xie
    • 1
  • Bill Chu
    • 1
  • Heather Richter Lipford
    • 1
  1. 1.Department of Software and Information Systems, Center for Cyber Defense and Network AssuranceUniversity of North Carolina at CharlotteCharlotteUSA

Personalised recommendations