
Security inspection scenarios - a facet of security

Conducting vulnerability-based code inspections
Klaus, Alexander; Elberzhager, Frank

Kaiserslautern, 2009, VII, 19 pp.
IESE-Report, 084.09/E
Report no.: 084.09/E
Fraunhofer IESE
security; inspection; verification; vulnerability; quality assurance; scenario-based reading; reading technique

Today's software is often subject to attacks that exploit vulnerabilities. Since in the area of security, vulnerabilities are hard to find, quality assurance needs detailed guidance. Focusing on early quality assurance, we propose Security Inspection Scenarios as reading support for static quality assurance. They provide detailed guidance and clear and comprehensible structuring. As the vulnerabilities are partly dependent on the operating system and programming language used, we need to build generic scenarios and instantiate them. In this paper, we show how to create Security Inspection Scenarios, accompanied by a short example demonstrating their usage. After an analysis of the possible benefits of our approach, a proposal for an evaluation is presented. We assume our scenarios support practitioners in a beneficial way and are applicable in most development lifecycles which are interested in security aspects.