A Case Study of Adopting Security Guidelines in Undergraduate Software Engineering Education

DOI: 10.4236/jcc.2014.214003   PDF   HTML   XML   3,674 Downloads   4,820 Views   Citations

Abstract

Security plays a large role in software development; simply without its existence the software would be vulnerable to many different types of attacks. Software security prevents leaks of data, alternation of data, and unauthorized access to data. Building a secure software involves a number of different processes but security awareness and implementation are the most important ones among them. To produce high quality software security engineers need to meet today’s cybersecurity demands, security awareness and implementation must be integrated in undergraduate computer science programming courses. In this paper, we demonstrate the importance of adopting security guidelines in undergraduate software engineering education. Thus, this paper focuses on integrating secure guidelines into existing applications to eliminate common security vulnerabilities. An assessment table, derived from several existing Java security guidelines, is developed to provide in depth critiques of the selected capstone project. Potential security vulnerabilities in the capstone project are identified and presented in a form showing the degree of threats against the three security characteristics: confidentiality, integrity, and availability addressed in the McCumber Cube model. Meanwhile, vulnerability density of the capstone project is calculated to demonstrate the performance of this research.

Share and Cite:

Hu, Y. and Scott, C. (2014) A Case Study of Adopting Security Guidelines in Undergraduate Software Engineering Education. Journal of Computer and Communications, 2, 25-36. doi: 10.4236/jcc.2014.214003.

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1] Raman, J. (2006) Regulating Secure Software Development. University of Lapland Printing Centre, Rovaniemi.
[2] Sinn, R. (2008) Software Security Technologies: A Programmatic Approach. Thomson Course Technology, Boston.
[3] Janssen, C. (2010) Data Security. Techopedia.
http://www.techopedia.com/definition/26464/data-security
[4] Janssen, C. “Information Security (IS)”. Techopedia.
http://www.techopedia.com/definition/10282/information-security-is
[5] “Digital Rights Management”. The Free Dictionary.
http://www.thefreedictionary.com/Content+security
[6] Grembi, J.C. (2008) Secure Software Development: A Security Programmer’s Guide. Thomson Course Technology, Boston.
[7] Oracle, “Java SE Security Documentation”.
http://www.oracle.com/technetwork/java/index-139231.html
[8] Long, F., Mohindra, D., Seacord, R.C., Sutherland, D.F. and Svoboda, D. (2011) The CERT Oracle Secure Coding Standard for Java, Addison-Wesley Professional.
[9] What Are the Software Development Life Cycle Phases?
http://istqbexamcertification.com/what-are-the-software-development-life-cycle-sdlc-phases/
[10] Howard, M. and Lipner, S. (2004) The Trustworthy Computing Security Development Lifecycle. IEEE 2004 Annual Computer Security Applications Conference, Tucson.
[11] Davis, N. (2006) Secure Software Development Life Cycle Process. Carnegie Mellon University, Pittsburgh.
https://buildsecurityin.us-cert.gov/articles/knowledge/sdlc-process/secure-software-development-life-cycle-processes.
[12] Maconachy, W.V., Schou, C.D., Ragsda, D. and Welch, D. (2001) A Model for Information Assurance: Integrated Approach. Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, New York, 5-6 June 2001.
[13] Allen, J. (2010) Measuring Software Security. Carnegie Mellon University, Pittsburgh.
[14] Ruiz-Vanoye, J.A., Díaz-Parra, O., Arias, M.D.I.á.B. and Saenz, A.C. (2013) A Model for Evolutionary Software Development with Security (MESS) Applied to an Electrical Research Institute. Mexican Journal of Scientific Research, 2, 2-22.
[15] Whitman, M.E. and Mattord, H.J. (2012) Principle of Information Security. 4th Edition, Thomson Course Technology, Boston.
[16] “Review: McCumber Cube Methodology,” Protect Your Bits, 5 October 2009.
http://protectyourbits.wordpress.com/2009/10/05/review-mccumber-cube-methodology/
[17] Jone, C. (2012) Software Quality Metrics: Three Harmful Metrics and Two Helpful Metrics.
[18] Lab, K. (2013) Global Corporate IT Security Risks: 2013.
[19] Alhazmi, O.H., Malyiya, Y.K. and Ray, I. (2006) Measuring, Analyzing and Predicting Security Vulnerabilities in Software Systems. Computer & Security, 26, 219-228.
[20] Mohagheghi, P., Conradi, R., Killi, O.M. and Schwarz, H. (2006) An Empirical Study of Software Reuse vs. Defect-Density and Stability. Proceedings of the 26th International Conference on Software Engineering, Edinburgh, 23-28 May 2006, 282-292.
[21] CWE, CWE-844: Weaknesses Addressed by the CERT Java Secure Coding Standard. Common Weakness Enumeration.
https://cwe.mitre.org/data/definitions/844.html
[22] Oracle, Secure Coding Guidelines for the Java Programming Language, Version 4.0.
http://www.oracle.com/technetwork/java/seccodeguide-139067.html

  
comments powered by Disqus

Copyright © 2020 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.