Secure Development Processes: AEGIS, CLASP, BSI, Microsoft SDL, UMLSec
References

1. Howard, M., Lipner, S., The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software, Microsoft Press, 2006.
2. McGraw, G., Software Security: Building Security In, Pearson Education Inc., Addison Wesley Professional, 2006.
3. Weiss, D. M., Lai, C. T. R., Software Product-Line Engineering: A Family-Based Software Development Process, Addison-Wesley, 1999.
4. Flechais, I., Designing Secure and Usable Systems, Ph.D. Thesis, University of London, UK, 2005.
5. Boström, G., et al., "Extending XP practices to support security requirements engineering", In Proceedings of the 2006 international workshop on Software engineering for secure systems, 2006.
6. Ardi, S., Byers, D., Shahmehri, N., "Towards a structured unified process for software security", In Proceedings of the 2006 international workshop on Software engineering for secure systems, 2006.
7. Viega, J., "Building Security Requirements with CLASP", In Proceedings of the 2005 workshop on Software engineering for secure systems-building trustworthy applications, 2005.
8. Haley, C. B., et al., "A framework for security requirements engineering", In Proceedings of the 2006 international workshop on Software engineering for secure systems, 2006.
9. Firesmith, D., "Specifying Reusable Security Requirements", Journal of Object Technology, 2004.
10. Yang, K. J., Pooley, R., "Process Modelling to Support the Unified Modelling Language", In Proceedings of the 21st International Computer Software and Applications Conference, 1997.
11. Flechais, I., Sasse, M. A., Hailes, S. M. V., "A process for developing secure and usable systems", In Proceedings of the 2003 Workshop on New Security Paradigms, 2003.
12. Grance, T., Hash, J., Stevens, M., "Security Considerations in the Information System Development Life Cycle", NIST, Computer Security Division, NIST Special Publication 800-64, Rev. 1, 2004.
13. Swanson, M., et al., "Security Metrics Guide for Information Technology Systems", NIST, Computer Security Division, NIST Special Publication 800-55, 2003.
14. Secure Software Inc., CLASP: Comprehensive Lightweight Application Security Process, Version 2.0, 2006, http://www.securesoftware.com/process.
15. US-CERT, Software Engineering Institute, Build Security In, 2006, https://buildsecurityin.us-cert.gov.
16. McGraw, G., Howard, M., et al., Processes to Produce Secure Software, National Cyber Security Summit, 2004, http://www.cigital.com/papers/download/secure_software_process.pdf.
17. Jürjens, J., "Developing Secure Systems with UMLsec From Business Processes to Implementation", UMLsec homepage, 2002, http://www4.in.tum.de/~umlsec.
18. Haumer, P., "IBM Rational Method Composer: Part 1 & 2", IBM Developer Works website, 2005 & 2006, http://www128.ibm.com/developerworks/rational/library/dec05/haumer & http://www128.ibm.com/developerworks/rational/library/jan06/haumer.
19. IBM Rational Method Composer (RMC) official website, http://www-306.ibm.com/software/awdtools/rmc/index.html.
20. OPEN Process Framework (OPF) official website, http://www.opfro.org