期刊名称:International Journal of Software Engineering & Applications (IJSEA)
印刷版ISSN:0976-2221
电子版ISSN:0975-9018
出版年度:2020
卷号:11
期号:5
页码:1-11
DOI:10.5121/ijsea.2020.11501
出版社:Academy & Industry Research Collaboration Center (AIRCC)
摘要:With increase in demand for the security aspects of software, every phase of the Software Development Life Cycle (SDLC) is experiencing major changes with respect to security. Security designers, developers, and testers are keen on improving various security aspects of a system. Specification of security requirements propagates to different phases of an SDLC and there exist different techniques and methodologies to specify security requirements. Business level security requirements are specified using policy specification languages. The current literature has specification languages that are domain based, web based, network based, syntax based, semantics based, predicate based, and protocol based. In this research effort, a generic secure policy prototype and components of the generic secure policy were defined using formal methods. The Descartes specification language, a formal executable specification language, has been developed to specify software systems. The development of a secure policy framework along with extended constructs of the Descartes specification language for specifying secure policies are some of the deliverables of this research effort. Concepts of secure policies were adopted from the SPromela, Ponder, and REI methodologies for secure policy specification, analysis, and design.
