Preliminary Evaluation of a Software Security Learning Environment

Software Engineering Research, Management and Applications

Part of the book series: Studies in Computational Intelligence (SCI, volume 578)

Abstract

The importance of software security technologies is increasingly recognized as the number of services available on the Internet grows. It is important to foster human resources with knowledge and skills relevant to software security technologies. This paper proposes a learning process for software security and a learning environment that supports the learning process. In the learning process, learners create artifacts for software security (we call them “software security artifacts”) from the artifacts (we call them “software engineering artifacts”) of a traditional software engineering course that does not deal with software security, by referring to the knowledge base for software security (standards, methodologies, guidelines, security patterns, and so on). The learning environment supports storage of (1) software engineering artifacts, (2) software security artifacts, (3) a software security knowledge base, (4) the rationale and association of the knowledge base with the software security artifacts, and (5) review comments and their association with the software security artifacts. We conducted a preliminary experiment to evaluate the learning process and the learning environment. We confirmed the usefulness of the learning process. We also identified some improvements for the knowledge base system and learning environment, such as visualization support and traceability support.

Acknowledgments

This study was partially supported by the Grant-in Aid for No. (C) 22500910 and No. (C) 26330394 from the Ministry of Education, Science, Sports and Culture of Japan.

Author information

Corresponding author

Correspondence to Atsuo Hazeyama.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Hazeyama, A., Saito, M. (2015). Preliminary Evaluation of a Software Security Learning Environment. In: Lee, R. (eds) Software Engineering Research, Management and Applications. Studies in Computational Intelligence, vol 578. Springer, Cham. https://doi.org/10.1007/978-3-319-11265-7_9

  • DOI: https://doi.org/10.1007/978-3-319-11265-7_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11264-0

  • Online ISBN: 978-3-319-11265-7

  • eBook Packages: Engineering, Engineering (R0)
