Security Assurance by Efficient Non-repudiation Requirements

Part of the Advances in Intelligent Systems and Computing book series (volume 167)

Abstract

Security is an age-long dream in all walks of our social life. In the software industry, security is regarded as the wheels on which the entire system can move smoothly. Various tools and techniques have been deployed for developing secure software, but attackers continue to exploit vulnerabilities to compromise security. Firewalls, intrusion prevention/detection and antivirus systems cannot by themselves solve this problem to the desired extent. Only a rigorous effort by the software development community to build more secure software can foil attackers and allow users to feel protected from such exploitation. Research studies reveal that security cannot be added to already-developed software; rather, it should be introduced right from the beginning of the SDLC. To achieve this objective, security measures must be embedded throughout the SDLC phases, starting from the requirements phase itself. The non-repudiation requirement is globally accepted as one of the prominent security requirements. An appropriate level of non-repudiation may well enforce security features and hence ensure security for deployed software. This paper proposes a checklist that may enable assessment of the appropriateness of non-repudiation requirements and lead to counter/additional measures for security assurance.

Keywords

Software Security; Security Assurance; Non-Repudiation; Non-Repudiation Checklist

Copyright information

© Springer-Verlag GmbH Berlin Heidelberg 2012

Authors and Affiliations

  1. Department of Information Technology, Board of Studies, The Institute of Chartered Accountants of India (Set up by an Act of Parliament), Noida, India
  2. Department of Computer Science, Jamia Millia Islamia (A Central University), New Delhi, India