“A framework for development of secure software”

摘要

To design, build and deploy secure systems, we must integrate security into our application development life cycle and adapt current software engineering practices and methodologies to include specific security-related activities. Developers enforces security measures during design phase of software development processes which may end up in specifying security related architecture constraints that are not really necessary. To eliminate this problem, we propose a Framework for Security Engineering Process that involves converting security requirements and threats into design decisions to mitigate the identified security threats. The identified design attributes are prioritized and a security design template is prepared. We have stored various cryptographic techniques and their analytic attributes in the repository to find out the specific cryptographic technique that would eventually help in the later stages of the design process by eliminating unnecessary design constraints in a particular scenario.