Visible to the public CryptSDLC: Embedding Cryptographic Engineering into Secure Software Development Lifecycle

TitleCryptSDLC: Embedding Cryptographic Engineering into Secure Software Development Lifecycle
Publication TypeConference Paper
Year of Publication2018
AuthorsLoruenser, Thomas, Pöhls, Henrich C., Sell, Leon, Laenger, Thomas
Conference NameProceedings of the 13th International Conference on Availability, Reliability and Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-6448-5
Keywordscryptography, Data protection by design and default, privacy by design, pubcrawl, resilience, Resiliency, Scalability, Security by Default, security by design, Software design life cycle, software engineering
Abstract

Application development for the cloud is already challenging because of the complexity caused by the ubiquitous, interconnected, and scalable nature of the cloud paradigm. But when modern secure and privacy aware cloud applications require the integration of cryptographic algorithms, developers even need to face additional challenges: An incorrect application may not only lead to a loss of the intended strong security properties but may also open up additional loopholes for potential breaches some time in the near or far future. To avoid these pitfalls and to achieve dependable security and privacy by design, cryptography needs to be systematically designed into the software, and from scratch. We present a system architecture providing a practical abstraction for the many specialists involved in such a development process, plus a suitable cryptographic software development life cycle methodology on top of the architecture. The methodology is complemented with additional tools supporting structured inter-domain communication and thus the generation of consistent results: cloud security and privacy patterns, and modelling of cloud service level agreements. We conclude with an assessment of the use of the Cryptographic Software Design Life Cycle (CryptSDLC) in a EU research project.

URLhttps://dl.acm.org/citation.cfm?doid=3230833.3233765
DOI10.1145/3230833.3233765
Citation Keyloruenser_cryptsdlc:_2018