INTRODUCTION out application development while carefully addressing security issues

INTRODUCTION

Incorporating cyber
security protections into software applications during development is a complex
issue. In the ever-expanding digital age, virtually every aspect of human endeavor
relies on secure transactions and operations. However, consideration of cyber
security issues is often inadequate, leading to problems such as financial
losses, data losses, and privacy breaches. From a systems and networking view, enormous
efforts have been made to develop tools to combat specific types of
cyber-attacks as they appear. However, hackers tend to think differently than
developers of applications and are constantly and proactively developing
increasingly notorious and creative attack strategies. Such attacks in planting
malicious pieces of code that corrupt the application, steal sensitive customer
information, or introduce malware such as viruses, worms and spyware, phishing,
extortion schemes, and spam, can be exploit vulnerabilities introduced at any
step of the development process.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Software
applications that are vulnerable to cyber-attacks can drive potential customers
and users of the application away

. To gain user
trust in purposeful applications, it is important to carry out application
development while carefully addressing security issues at each step. Software
developers tend to focus on functional requirements, with little emphasis on
non-functional requirements, such as security. Some authors report benefits of
addressing security measures at the distinct phases of the software development
life cycle. Futcherand von Solms proposed guidelines for secure software development.
In this paper we provide a survey of literature that is relevant to secure
software development practices.

Several
security issues, concerns, challenges, and solutions at different phases of the
software development life cycle as described in the literature on cyber
security are also presented. However, the scope of this paper is limited to
Analysis, Design, Implementation, and testing phases of the Software Development
Life Cycle (SDLC). The organization of rest of the paper is as follows. Section
II describes the characterization of trust in cyber security. Section III
describes the phases of a typical software development life cycle. Section IV
describes the security concerns encountered during the Analysis phase of the

Software
Development Life Cycle and potential ways to address those concerns. Section V
discusses future work and Section VI wraps up the paper with the conclusion.

II. CYBER
SECURITY AND TRUST

With technology
advancement and mass digitalization of user personal data, establishing user
trust has become an important factor in the use of software systems. Most
software systems are potentially vulnerable to attacks even if there is strict
adherence to leading edge principles of encryption and decryption. Security of
software systems is classified into three categories: Confidentiality,
Integrity and Availability. These categories are also collectively known as the
CIA triad.

Confidentiality
is defined as “Preserving authorized restrictions on information access and
disclosure, including means for protecting
personal privacy and proprietary information…”. Integrity is defined as
“Guarding against improper information modification or destruction, and includes ensuring
information non-reputation and authenticity…”. Availability is
defined as “Ensuring timely and reliable access to and use of information…”

Security is
often intertwined with trust. In the context of software systems, trust refers
to the level of confidence or reliability that a person places in a software
system, including the expectations that they have for the software fulfilling
its purpose. The software system can be of multiple elements, including
programs, configuration files, and documentation. In addition, the concept of
trust in the context of cyber security includes expectations that people have
from all aspects of software development, including requirements, design, platform-specific
issues and networks, for which various security practices, processes and
technologies are in use.

Trust also
refers to a relationship that a person forms with software applications that
are online or over a network. The Int’l Conf.
Software Eng. Research and Practice trust relationship is betrayed if the
user’s expectations from these applications are not met. This raises questions concerning the
kinds of expectations that users have with the applications and the factors
that diminish trust. One factor arises from any negative risks that are associated
with the usage of an application. There are traditional ways of assessing risk
in cyber security. Oltramari etal identified endpoint users as key introducers
of risk in an application network, since humans, such as software developers, attackers
and users of the application are included as a component of the system. In addition,
low skill level or exhausted software developers tend to increase cyber
security risk, while users can substantially decrease cyber security risks by
being aware and attentive to the means of protecting their personal assets
from, phishing or spam efforts. Again, insiders within an organization are also
known to sometimes support and execute malicious attacks for which outsiders
have minimal knowledge.

As described by Colwill, “A malicious insider has the potential
to cause more damage to the organization and has many advantages
over an outside attacker”. These human concerns in information and cyber security make it
important to learn to distinguish between regular users, potential hackers and
insiders who can pose a great threat.

Trust and human
factors in cyber security all also of great concern in the rapidly expanding
area of autonomous systems, many of which utilize advanced methods of
artificial intelligence. Examples of autonomous systems include floor cleaning
robots, agent software, military and private drones, surgery-performing robots
and self-driving cars. Autonomous systems are managed and supervised
independently by a single administrator, entity, or organization. Each autonomous
system has a unique identifying label that can be used during data packet
transfer between two systems.

Some autonomous
systems can make decisions and perform tasks in unstructured environments with
no need for human control or guidance.

x

Hi!
I'm Clifton!

Would you like to get a custom essay? How about receiving a customized one?

Check it out