Methods and Tools for Secure Software
|Principal investigator:||Professor Nahid Shahmehri|
|Related projects:||SHIELDS: Detecting known security vulnerabilities from within design and development tools
|Keywords:||software security, software engineering, vulnerability modeling, root cause analysis|
By creating a software security meta-process, we are developing the tools that software developers need to continuously improve their development processes, in order to prevent vulnerabilities from being introduced into the software they develop. Our approach differs from conventional approaches in that we do not prescribe a set of practices. Instead, our approach helps each user determine which practices they need.
- Shanai Ardi, Nahid Shahmehri. Integrating a security plug-in with the OpenUP/Basic development process. In the proceedings of the Third International Conference on Availability, Reliability and Security, ARES2008 (IEEE Computer Society ed.), Pages 284-291, Barcelona, Spain, March 2008.
- David Byers, Nahid Shahmehri. "A Cause-Based Approach to Preventing Software Vulnerabilities", Proceedings of the Third International Conference on Availability, Reliability and Security, ARES2008 (IEEE Computer Society ed.), Pages 276-283, Barcelona, Spain, March 2008. Best Paper Award.
- Shanai Ardi, David Byers, Nahid Shahmehri. How can the developer benefit from security modeling?', Workshop on Secure Software Engineering (SecSE 2007), in conjunction with the ARES 2007 conference, organized by Dexa Ascociation in cooperation with ENISA (European Network and Information Security Agency), 1017-1025, April 10-13, Vienna, 2007. IEEE CS.
- David Byers, Nahid Shahmehri. Design of a Process for Software Security. In the proceedings of the Second International Conference on Availability, Reliability and Security, ARES 2007. Vienna, 2007. IEEE CS.
- David Byers, Shanai Ardi, Nahid Shahmehri, and Claudiu Duma. Modeling Software Vulnerabilities With Vulnerability Cause Graphs. In the proceedings of the International Conference on Software Maintenance (ICSM 2006), September 24-27, 2006, Philadelphia, Pennsylvania.
- Shanai Ardi, David Byers, and Nahid Shahmehri. Towards a Structured Unified Process for Software Security. In the proceedings of the Software Engineering for Secure Systems Workshop, (SESS), held in conjunction with the 28th International Conference on Software Engineering, (ICSE 2006), May 20-28, 2006, Shanghai, China.
Page responsible: Nahid Shahmehri
Last updated: 2009-06-23