Visible to the public Biblio

Filters: Keyword is software design  [Clear All Filters]
2023-07-19
Cheng, Ya Qiao, Xu, Bin, Liu, Kun, Liu, Yue Fan.  2022.  Software design for recording and playback of multi-source heterogeneous data. 2022 3rd International Conference on Computer Science and Management Technology (ICCSMT). :225—228.
The development of marine environment monitoring equipment has been improved by leaps and bounds in recent years. Numerous types of marine environment monitoring equipment have mushroomed with a wide range of high-performance capabilities. However, the existing data recording software cannot meet the demands of real-time and comprehensive data recording in view of the growing data types and the exponential data growth rate generated by various types of marine environment monitoring equipment. Based on the above-mentioned conundrum, this paper proposes a multi-source heterogeneous marine environmental data acquisition and storage method, which can record and replay multi-source heterogeneous data based upon the needs of real-time and accurate performance and also possess good compatibility and expandability.
2023-02-17
Mallouli, Wissam.  2022.  Security Testing as part of Software Quality Assurance: Principles and Challenges. 2022 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). :29–29.
Software quality assurance (SQA) is a means and practice of monitoring the software engineering processes and methods used in a project to ensure proper quality of the software. It encompasses the entire software development life-cycle, including requirements engineering, software design, coding, source code reviews, software configuration management, testing , release management, software deployment and software integration. It is organized into goals, commitments, abilities, activities, measurements, verification and validation. In this talk, we will mainly focus on the testing activity part of the software development life-cycle. Its main objective is checking that software is satisfying a set of quality properties that are identified by the "ISO/IEC 25010:2011 System and Software Quality Model" standard [1] .
ISSN: 2159-4848
2022-04-01
Mekruksavanich, Sakorn, Jitpattanakul, Anuchit, Thongkum, Patcharapan.  2021.  Metrics-based Knowledge Analysis in Software Design for Web-based Application Security Protection. 2021 Joint International Conference on Digital Arts, Media and Technology with ECTI Northern Section Conference on Electrical, Electronics, Computer and Telecommunication Engineering. :281—284.
During this period of high-speed internet, there are a number of serious challenges for software security protection of software design, especially throughout the life cycle of the process of software design, in which there are various risks involving information interaction. Significant information leakage can result from a lack of technical support and software security protection. One major problem with regard to creating software that includes security is the way that secure software is defined and the methods that are used for the measurement of security. The point of this research work is on the software engineers' perspective regarding security in the stage of software design. The tools for the measurement of the metrics are employed for the evaluation of the software's security. In this case study, a metric category of design are used, which are assumed to provide quantitative data about the software's security.
2021-10-04
Zheng, Xiaoyu, Liu, Dongmei, Zhu, Hong, Bayley, Ian.  2020.  Pattern-Based Approach to Modelling and Verifying System Security. 2020 IEEE International Conference on Service Oriented Systems Engineering (SOSE). :92–102.
Security is one of the most important problems in the engineering of online service-oriented systems. The current best practice in security design is a pattern-oriented approach. A large number of security design patterns have been identified, categorised and documented in the literature. The design of a security solution for a system starts with identification of security requirements and selection of appropriate security design patterns; these are then composed together. It is crucial to verify that the composition of security design patterns is valid in the sense that it preserves the features, semantics and soundness of the patterns and correct in the sense that the security requirements are met by the design. This paper proposes a methodology that employs the algebraic specification language SOFIA to specify security design patterns and their compositions. The specifications are then translated into the Alloy formalism and their validity and correctness are verified using the Alloy model checker. A tool that translates SOFIA into Alloy is presented. A case study with the method and the tool is also reported.
2021-04-27
Masmali, O., Badreddin, O..  2020.  Comprehensive Model-Driven Complexity Metrics for Software Systems. 2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C). :674—675.

Measuring software complexity is key in managing the software lifecycle and in controlling its maintenance. While there are well-established and comprehensive metrics to measure the complexity of the software code, assessment of the complexity of software designs remains elusive. Moreover, there are no clear guidelines to help software designers chose alternatives that reduce design complexity, improve design comprehensibility, and improve the maintainability of the software. This paper outlines a language independent approach to measuring software design complexity using objective and deterministic metrics. The paper outlines the metrics for two major software design notations; UML Class Diagrams and UML State Machines. The approach is based on the analysis of the design elements and their mutual interactions. The approach can be extended to cover other UML design notations.

2020-12-28
Wang, A., Yuan, Z., He, B..  2020.  Design and Realization of Smart Home Security System Based on AWS. 2020 International Conference on Information Science, Parallel and Distributed Systems (ISPDS). :291—295.
With the popularization and application of Internet of Things technology, the degree of intelligence of the home system is getting higher and higher. As an important part of the smart home, the security system plays an important role in protecting against accidents such as flammable gas leakage, fire, and burglary that may occur in the home environment. This design focuses on sensor signal acquisition and processing, wireless access, and cloud applications, and integrates Cypress’s new generation of PSoC 6 MCU, CYW4343W Wi-Fi and Bluetooth dual-module chips, and Amazon’s AWS cloud into smart home security System designing. First, through the designed air conditioning and refrigeration module, fire warning processing module, lighting control module, ventilation fan control module, combustible gas and smoke detection and warning module, important parameter information in the home environment is obtained. Then, the hardware system is connected to the AWS cloud platform through Wi-Fi; finally, a WEB interface is built in the AWS cloud to realize remote monitoring of the smart home environment. This design has a good reference for the design of future smart home security systems.
2020-11-17
Maksutov, A. A., Dmitriev, S. O., Lysenkov, V. I., Valter, D. A..  2018.  Mobile bootloader with security features. 2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus). :335—338.
Modern mobile operating systems store a lot of excessive information that can be used against its owner or organization, like a call history or various system logs. This article describes a universal way of preventing any mobile operating system or application from saving its data in device's internal storage without reducing their functionality. The goal of this work is creation of a software that solves the described problem and works on the bootloading stage. A general algorithm of the designed software, along with its main solutions and requirements, is presented in this paper. Hardware requirement, software testing results and general applications of this software are also listed in this paper.
2020-02-17
Rindell, Kalle, Holvitie, Johannes.  2019.  Security Risk Assessment and Management as Technical Debt. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–8.
The endeavor to achieving software security consists of a set of risk-based security engineering processes during software development. In iterative software development, the software design typically evolves as the project matures, and the technical environment may undergo considerable changes. This increases the work load of identifying, assessing and managing the security risk by each iteration, and after every change. Besides security risk, the changes also accumulate technical debt, an allegory for postponed or sub-optimally performed work. To manage the security risk in software development efficiently, and in terms and definitions familiar to software development organizations, the concept of technical debt is extended to contain security debt. To accommodate new technical debt with potential security implications, a security debt management approach is introduced. The selected approach is an extension to portfolio-based technical debt management framework. This includes identifying security risk in technical debt, and also provides means to expose debt by security engineering techniques that would otherwise remained hidden. The proposed approach includes risk-based extensions to prioritization mechanisms in existing technical debt management systems. Identification, management and repayment techniques are presented to identify, assess, and mitigate the security debt.
2018-06-07
Tymchuk, Yuriy, Ghafari, Mohammad, Nierstrasz, Oscar.  2017.  Renraku: The One Static Analysis Model to Rule Them All. Proceedings of the 12th Edition of the International Workshop on Smalltalk Technologies. :13:1–13:10.
Most static analyzers are monolithic applications that define their own ways to analyze source code and present the results. Therefore aggregating multiple static analyzers into a single tool or integrating a new analyzer into existing tools requires a significant amount of effort. Over the last few years, we cultivated Renraku — a static analysis model that acts as a mediator between the static analyzers and the tools that present the reports. When used by both analysis and tool developers, this single quality model can reduce the cost to both introduce a new type of analysis to existing tools and create a tool that relies on existing analyzers.
2018-02-06
Detken, K. O., Jahnke, M., Rix, T., Rein, A..  2017.  Software-Design for Internal Security Checks with Dynamic Integrity Measurement (DIM). 2017 9th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). 1:367–373.

Most security software tools try to detect malicious components by cryptographic hashes, signatures or based on their behavior. The former, is a widely adopted approach based on Integrity Measurement Architecture (IMA) enabling appraisal and attestation of system components. The latter, however, may induce a very long time until misbehavior of a component leads to a successful detection. Another approach is a Dynamic Runtime Attestation (DRA) based on the comparison of binary code loaded in the memory and well-known references. Since DRA is a complex approach, involving multiple related components and often complex attestation strategies, a flexible and extensible architecture is needed. In a cooperation project an architecture was designed and a Proof of Concept (PoC) successfully developed and evaluated. To achieve needed flexibility and extensibility, the implementation facilitates central components providing attestation strategies (guidelines). These guidelines define and implement the necessary steps for all relevant attestation operations, i.e. measurement, reference generation and verification.

2018-02-02
Saarela, Marko, Hosseinzadeh, Shohreh, Hyrynsalmi, Sami, Leppänen, Ville.  2017.  Measuring Software Security from the Design of Software. Proceedings of the 18th International Conference on Computer Systems and Technologies. :179–186.

With the increasing use of mobile phones in contemporary society, more and more networked computers are connected to each other. This has brought along security issues. To solve these issues, both research and development communities are trying to build more secure software. However, there is the question that how the secure software is defined and how the security could be measured. In this paper, we study this problem by studying what kinds of security measurement tools (i.e. metrics) are available, and what these tools and metrics reveal about the security of software. As the result of the study, we noticed that security verification activities fall into two main categories, evaluation and assurance. There exist 34 metrics for measuring the security, from which 29 are assurance metrics and 5 are evaluation metrics. Evaluating and studying these metrics, lead us to the conclusion that the general quality of the security metrics are not in a satisfying level that could be suitably used in daily engineering work flows. They have both theoretical and practical issues that require further research, and need to be improved.

Whitmore, J., Tobin, W..  2017.  Improving Attention to Security in Software Design with Analytics and Cognitive Techniques. 2017 IEEE Cybersecurity Development (SecDev). :16–21.

There is widening chasm between the ease of creating software and difficulty of "building security in". This paper reviews the approach, the findings and recent experiments from a seven-year effort to enable consistency across a large, diverse development organization and software portfolio via policies, guidance, automated tools and services. Experience shows that developing secure software is an elusive goal for most. It requires every team to know and apply a wide range of security knowledge in the context of what software is being built, how the software will be used, and the projected threats in the environment where the software will operate. The drive for better outcomes for secure development and increased developer productivity led to experiments to augment developer knowledge and eventually realize the goal of "building the right security in".