Software Inspections Using Guided Checklists to Ensure Security Goals

摘要

Security is a crucial issue in many modern software systems and can lead to immense costs if required security goals are not fulfilled. Fewer techniques exist to address the systematic analysis and detection of security problems, especially during early development phases. Based on well-known and established inspection techniques, we investigated traditional reading support, which did not fit exactly what we needed to ensure security goals. Therefore, we developed a new kind of checklist which we call guided checklist. This kind of checklist focuses the inspector much more on how to check security goals and provides the inspector with more fine-grained support than traditional reading support. To derive such checklists, we developed a model for security goals. A continuous example shows what the security goal model looks like and how to apply the guided checklist.