Abstract
Security is an age-old aspiration in every walk of social life. In the software industry, security is regarded as the wheels on which the entire system moves smoothly. Various tools and techniques have been deployed for developing secure software, yet attackers continue to exploit vulnerabilities to compromise security. Firewalls, intrusion prevention/detection systems and antivirus systems alone cannot solve this problem to the desired extent. Only a rigorous effort by the software development community to build more secure software can foil attackers and allow users to feel protected from such exploitation. Research studies reveal that security cannot be added to already developed software; rather, it should be introduced right from the beginning of the software development life cycle (SDLC). To achieve this objective, security measures must be embedded throughout the SDLC phases, starting from the requirements phase itself. Non-repudiation is globally accepted as one of the prominent security requirements. An appropriate level of non-repudiation may well enforce security features and hence ensure security for deployed software. This paper proposes a checklist that may enable assessment of the appropriateness of non-repudiation requirements and lead to counter or additional measures for security assurance.
Copyright information
© 2012 Springer-Verlag GmbH Berlin Heidelberg
About this paper
Cite this paper
Pandey, S.K., Mustafa, K. (2012). Security Assurance by Efficient Non-repudiation Requirements. In: Wyld, D., Zizka, J., Nagamalai, D. (eds) Advances in Computer Science, Engineering & Applications. Advances in Intelligent Systems and Computing, vol 167. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30111-7_87
DOI: https://doi.org/10.1007/978-3-642-30111-7_87
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30110-0
Online ISBN: 978-3-642-30111-7
eBook Packages: Engineering, Engineering (R0)