Developing Secure Software and Systems

Book chapter

Falcarin, P. and Morisio, Maurizio 2004. Developing Secure Software and Systems. in:

Publication dates
Authors	Falcarin, P. and Morisio, Maurizio
Abstract	The development and maintenance of network and data security in software systems is done in a late phase of design and coding or during deployment, often in an ad-hoc manner. Network monitoring and recovery, encryption protocols, best practices for combating cyber-crime, or disaster recovery planning are useful methodologies applied to enforce security of a deployed system. Nevertheless these are not enough to protect from attacks directed to software vulnerabilities hidden at design and code level. Introducing security aspects in all the phases of the software development process is an emerging approach to limit costs of adding security features when it's too late and very expensive in terms of time and resources. In this paper we illustrate some proposals to consider security issues in the software process from the early phase of requirements to design and coding.
Keywords	Network security; data security; software systems; corporate data
Year	2004
Print	2004
Publication process dates
Deposited	01 Sep 2010
Web address (URL)	http://hdl.handle.net/10552/966
Additional information	Citation: Falcarin, P. and Morisio, M. (2004) ’Developing Secure Software and Systems’, in IEC Network Security: Technology Advances, Strategies, and Change Drivers, Chicago: International Engineering Consortium (IEC), pp. 15-22.
Accepted author manuscript	Falcarin, P (2004) IEC 15.pdf License CC BY-ND

Permalink -

https://repository.uel.ac.uk/item/868v0

Download files

228
total views
100
total downloads
2
views this month
0
downloads this month

Export as

Related outputs

Time-series clustering for sensor fault detection in large-scale Cyber-Physical Systems

Alwan, A., Brimicombe, A., Ciupala, A., Ghorashi, S., Baravalle, A. and Falcarin, P. 2022. Time-series clustering for sensor fault detection in large-scale Cyber-Physical Systems. Computer Networks. 218 (Art. 109384). https://doi.org/10.1016/j.comnet.2022.109384

Data quality challenges in large-scale cyber-physical systems: A systematic review

Alwan, A., Ciupala, A., Brimicombe, A., Ghorashi, S., Baravalle, A. and Falcarin, P. 2021. Data quality challenges in large-scale cyber-physical systems: A systematic review. Information Systems. 105 (Art. 101951). https://doi.org/10.1016/j.is.2021.101951

Enhancement performance of random forest algorithm via one hot encoding for IoT IDS

Hussein, A. Y., Falcarin, P. and Sadiq, A. T. 2021. Enhancement performance of random forest algorithm via one hot encoding for IoT IDS. Periodicals of Engineering and Natural Sciences. 9 (3), pp. 579-591. https://doi.org/10.21533/pen.v9i3.2204

Code Renewability for Native Software Protection

Abrath, B., Coppens, B., Van Den Broeck, J., Wyseur, B., Cabutto, A., Falcarin, P. and De Sutter, B. 2020. Code Renewability for Native Software Protection. ACM Transactions on Privacy and Security. 23 (Art. 20). https://doi.org/10.1145/3404891

HADES: a Hybrid Anomaly Detection System for Large-Scale Cyber-Physical Systems

Alwan, A., Baravalle, A., Ciupala, A. and Falcarin, P. 2020. HADES: a Hybrid Anomaly Detection System for Large-Scale Cyber-Physical Systems. FMEC2020: The Fifth International Conference on Fog and Mobile Edge Computing. Paris, FR 30 Jun - 03 Jul 2020 IEEE. https://doi.org/10.1109/FMEC49853.2020.9144751

Analysis of Obfuscated Code with Program Slicing

Talukder, M., Falcarin, P. and Islam, S. 2019. Analysis of Obfuscated Code with Program Slicing. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). Oxford, UK 03 - 04 Jun 2019 IEEE. https://doi.org/10.1109/CyberSecPODS.2019.8885094

A meta-model for software protections and reverse engineering attacks

Basile, C., Canavese, D., Regano, L., Falcarin, P. and De Sutter, B 2019. A meta-model for software protections and reverse engineering attacks. Journal of Systems and Software. 150, pp. 3-21. https://doi.org/10.1016/j.jss.2018.12.025

Rule-based monitoring and error detecting for converged telecommunication processes

Ordonez, Armando, Eraso, Luis and Falcarin, P. 2015. Rule-based monitoring and error detecting for converged telecommunication processes. in: 2015 SAI Intelligent Systems Conference (IntelliSys) IEEE. pp. 705-713

gLCB: an energy aware context broker

Ardito, Luca, Torchiano, Marco, Marengo, Marco and Falcarin, P. 2013. gLCB: an energy aware context broker. Sustainable Computing: Informatics and Systems. 3 (1), pp. 18-26. https://doi.org/10.1016/j.suscom.2012.10.005

Emergency situations supported by context-aware and application streaming technologies

Bernal, Jose Felipe Mejia, Falcarin, P., Ardito, Luca, Rocha, Oscar Rodríguez, Morisio, Maurizio, Pistillo, Francesco and Giovanelli, Flavio 2013. Emergency situations supported by context-aware and application streaming technologies. International Journal of Ad Hoc and Ubiquitous Computing. 13 (2), p. 120. https://doi.org/10.1504/IJAHUC.2013.054176

HAUTO: Automated composition of convergent services based in HTN planning

Ordoñez, Armando, Corrales, Juan Carlos and Falcarin, P. 2014. HAUTO: Automated composition of convergent services based in HTN planning. Ingeniería e Investigación. 34 (1), pp. 66-71. https://doi.org/10.15446/ing.investig.v34n1.42782

Automated context aware composition of Advanced Telecom Services for environmental early warnings

Ordonez, Armando, Alcázar, Vidal, Corrales, Juan Carlos and Falcarin, P. 2014. Automated context aware composition of Advanced Telecom Services for environmental early warnings. Expert Systems with Applications. 41 (13), pp. 5907-5916. https://doi.org/10.1016/j.eswa.2014.03.045

Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge

Ceccato, Mariano, Tonella, Paolo, Basile, Cataldo, Falcarin, P., Torchiano, Marco, Coppens, Bart and De Sutter, Bjorn 2018. Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge. Empirical Software Engineering (EMSE). 24 (1), pp. 240-286. https://doi.org/10.1007/s10664-018-9625-6

An Open Source Software Architecture for Smart Buildings

Alwan, A., Baravalle, A., Ciupala, A. and Falcarin, P. 2018. An Open Source Software Architecture for Smart Buildings. in: Arai, K., Kapoor, S. and Bhatia, R. (ed.) Intelligent Systems and Applications Springer.

Energy optimization in wireless sensor networks based on genetic algorithms

Rodriguez, Angela, Falcarin, P. and Ordonez, Armando 2015. Energy optimization in wireless sensor networks based on genetic algorithms. in: 2015 SAI Intelligent Systems Conference (IntelliSys) IEEE. pp. 470-474

Content Discovery Advertisements: An Explorative Analysis

Jadhav Balaji, R., Baravalle, Andres, Al-Nemrat, A. and Falcarin, P. 2017. Content Discovery Advertisements: An Explorative Analysis. in: Jahankhani, Hamid, Carlile, Alex, Emmett, David, Hosseinian-Far, Amin, Brown, Guy, Sexton, Graham and Jamal, Arshad (ed.) Global Security, Safety and Sustainability - The Security Challenges of the Connected World Springer Verlag.

A family of experiments to assess the effectiveness and efficiency of source code obfuscation techniques

Ceccato, Mariano, Di Penta, Massimiliano, Falcarin, P., Ricca, Filippo, Torchiano, Marco and Tonella, Paolo 2013. A family of experiments to assess the effectiveness and efficiency of source code obfuscation techniques. Empirical Software Engineering. 19 (4), pp. 1040-1074. https://doi.org/10.1007/s10664-013-9248-x

How Professional Hackers Understand Protected Code while Performing Attack Tasks

Ceccato, Mariano, Tonella, Paolo, Basile, Cataldo, Coppens, Bart, De Sutter, Bjorn, Falcarin, P. and Torchiano, Marco 2017. How Professional Hackers Understand Protected Code while Performing Attack Tasks. in: Proceedings of 2017 IEEE/ACM 25th International Conference on Program Comprehension (ICPC) IEEE. pp. 154-164

Software Protection with Code Mobility

Cabutto, Alessandro, Falcarin, P., Abrath, Bert, Coppens, Bart and De Sutter, Bjorn 2015. Software Protection with Code Mobility. in: MTD '15-- Proceedings of the Second ACM Workshop on Moving Target Defense Association for Computing Machinery (ACM). pp. 95-103

A large study on the effect of code obfuscation on the quality of java code

Ceccato, Mariano, Capiluppi, Andrea, Falcarin, P. and Boldyreff, Cornelia 2014. A large study on the effect of code obfuscation on the quality of java code. Empirical Software Engineering. 20 (6), pp. 1486-1524. https://doi.org/10.1007/s10664-014-9321-0

Attack simulation based software protection assessment method

Zhang, Gaofeng, Falcarin, P., Gomez-Martinez, Elena, Islam, Shareeful, Tartary, Christophe, De Sutter, Bjorn and d'Annoville, Jerome 2016. Attack simulation based software protection assessment method. in: 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security) IEEE.

A Reference Architecture for Software Protection

De Sutter, Bjorn, Falcarin, P., Wyseur, Brecht, Basile, Cataldo, Ceccato, Mariano, DAnnoville, Jerome and Zunke, Michael 2016. A Reference Architecture for Software Protection. in: 2016 13th Working IEEE/IFIP Conference on Software Architecture (WICSA) IEEE. pp. 291-294

Search Based Clustering for Protecting Software with Diversified Updates

Ceccato, Mariano, Falcarin, P., Cabutto, Alessandro, Frezghi, Yosief Weldezghi and Staicu, Cristian-Alexandru 2016. Search Based Clustering for Protecting Software with Diversified Updates. 8th International Symposium on Search Based Software Engineering (SSBSE 2016). Raleigh, NC, USA 08 - 10 Oct 2016 Springer. https://doi.org/10.1007/978-3-319-47106-8_11

Towards automated composition of convergent services: A survey

Ordónez, Armando, Alcazar, Vidal, Rendon, Oscar Mauricio Caicedo, Falcarin, P., Corrales, Juan C. and Granville, Lisandro Zambenedetti 2015. Towards automated composition of convergent services: A survey. Computer Communications. 69, pp. 1-21.

Measuring Security Requirements for Software Security

Islam, S. and Falcarin, P. 2011. Measuring Security Requirements for Software Security. IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS). London 01 - 02 Sep 2011

Software protection

Falcarin, P., Collberg, Christian, Atallah, Mikhail and Jakubowski, Mariusz 2011. Software protection. IEEE Software. 28 (2), pp. 24-27.

Exploiting Code Mobility for Dynamic Binary Obfuscation

Falcarin, P., Di Carlo, Stefano, Cabutto, Alessandro, Garazzino, Nicola and Barberis, Davide 2011. Exploiting Code Mobility for Dynamic Binary Obfuscation. IEEE World Congress on Internet Security (WorldCIS-2011), London, 21-23 February 2011. London: IEEE pp 114 – 120.

Towards Experimental Evaluation of Code Obfuscation Techniques

Ceccato, Mariano, Di Penta, Massimiliano, Nagra, Jasvir, Falcarin, P. and Ricca, Filippo 2008. Towards Experimental Evaluation of Code Obfuscation Techniques. 4th ACM workshop on Quality of Protection. Alexandria, Virginia, USA Oct 2008 pp. 39-46

Next Generation Networks: the service offering standpoint

Licciardi, Carlo Alberto and Falcarin, P. 2003. Next Generation Networks: the service offering standpoint. in:

An Aspect-Oriented Approach for Dynamic Monitoring of a Service Logic Execution Environment

Falcarin, P. and Goix, Laurent Walter 2006. An Aspect-Oriented Approach for Dynamic Monitoring of a Service Logic Execution Environment. in:

A Dynamic Analysis Tool for Extracting UML 2 Sequence Diagrams

Falcarin, P. and Torchiano, Marco 2006. A Dynamic Analysis Tool for Extracting UML 2 Sequence Diagrams. ICSOFT 2006, First International Conference on Software and Data Technologies. Setúbal, Portugal 11 - 14 Sep 2006

Towards a Telecommunication Service Oriented Architecture

Falcarin, P. and Yu, Jian 2007. Towards a Telecommunication Service Oriented Architecture. in:

Dynamic Context-Aware Business Process: A Rule-Based Approach Supported by Pattern Identification

Bernal, Jose F. Mejia, Falcarin, P. and Morisio, Maurizio 2010. Dynamic Context-Aware Business Process: A Rule-Based Approach Supported by Pattern Identification. Proceedings of the 2010 ACM Symposium on Applied Computing SAC'10. Sierre, Switzerland 22 - 26 Mar 2010

Service Creation in the SPICE Service Platform

Almeida, Joao Paulo, Baravaglio, Alberto, Belaunde, Mariano, Falcarin, P. and Kovacs, Erno 2006. Service Creation in the SPICE Service Platform. 17th Wireless World Research Forum Meeting (WWRF17).

Towards the Automation of the Service Composition Process: Case Study and Prototype Implementations

Shiaa, Mazen, Falcarin, P., Pastor, Alain, Lecue, Freddy, Silva, Eduardo and Pires, Luis Ferreira 2008. Towards the Automation of the Service Composition Process: Case Study and Prototype Implementations. Cunningham, P and Cunningham, M. (Eds) ICT-MobileSummit 2008 Conference Proceedings Stockholm pp. 10-12

A Web-Based application to verify Open Mobile Alliance device management specifications

Mejia Bernal, Jose F., Falcarin, P. and Morisio, Maurizio 2009. A Web-Based application to verify Open Mobile Alliance device management specifications. IEEE International Conference on Advances in System Testing and Validation Lifecycle (VALID 2009). 20-25 September 2009 Porto pp. 13-18

First International Workshop on Telecom Service Oriented Architectures (TSOA-07)

Falcarin, P. and Belaunde, Mariano 2009. First International Workshop on Telecom Service Oriented Architectures (TSOA-07). E. Di Nitto and M Ripeanu (Eds.): ICSOC 2007 Workshops

Weaving Business Processes and Rules: A Petri Net Approach

Yu, Jian, Sheng, Quan Z., Falcarin, P. and Morisio, Maurizio 2009. Weaving Business Processes and Rules: A Petri Net Approach. in: Information Systems: Modeling, Development, and Integration Springer.

A User-centric Mobile Service Creation Approach Converging Telco and IT Services

Yu, Jian, Falcarin, P., del Álamo, José María, Sienel, Juergen, Sheng, Quan Z. and Mejia, Jose F. 2009. A User-centric Mobile Service Creation Approach Converging Telco and IT Services. Eighth International Conference on Mobile Business, (ICMB 2009), Sch. of Comput Sci. pp. 27-28

XDM-Compatible Service Repository for User-Centric Service Creation and Discovery

Jian, Yu, Falcarin, P., Rego, S., Ordas, I., Martins, E., Quan, Sun, Trapero, R. and Sheng, Quan Z. 2009. XDM-Compatible Service Repository for User-Centric Service Creation and Discovery. IEEE International Conference on Web Services. (ICWS 2009) Los Angeles pp. 6-10

Towards an Efficient Context-Aware System: Problems and Suggestions to Reduce Energy Consumption in Mobile Devices

Mejia Bernal, Jose F., Ardito, Luca, Morisio, Maurizio and Falcarin, P. 2010. Towards an Efficient Context-Aware System: Problems and Suggestions to Reduce Energy Consumption in Mobile Devices. Ninth International Conference on Mobile Business. (ICMB 2010) Athens pp. 13-15

Analysis of NGN service creation technologies

Licciardi, Carlo Alberto and Falcarin, P. 2003. Analysis of NGN service creation technologies. IEC Annual Review of Communications.

A CPL to Java compiler for dynamic service personalization in JAIN-SIP server

Falcarin, P. 2004. A CPL to Java compiler for dynamic service personalization in JAIN-SIP server. IEC Annual Review of Communications.

A visual semantic service browser supporting user-centric service composition

Yu, Jian, Sheng, Quan Z. and Falcarin, P. 2010. A visual semantic service browser supporting user-centric service composition. IEEE 24th International Conference on Advanced Information Networking and Applications (AINA 2010).

Communication Web Services and JAIN-SLEE Integration Challenges

Falcarin, P. and Venezia, Claudio 2008. Communication Web Services and JAIN-SLEE Integration Challenges. International Journal of Web Services Research. 5 (4), pp. 59-78.

Personalized Service Creation and Provision for the Mobile Web

Sheng, Quan Z., Yu, Jian, del Álamo, José María and Falcarin, P. 2009. Personalized Service Creation and Provision for the Mobile Web. in: Irwin, King and Baeza-Yates, Ricardo (ed.) Weaving Services and People on the World Wide Web Springer. pp. 99-121

Service Composition Quality Evaluation in SPICE Platform

Falcarin, P. 2009. Service Composition Quality Evaluation in SPICE Platform. in: Zhang, Liang-Ji, Paul, Raymond and Dong, Jing (ed.) High Assurance Services Computing Springer US. pp. 89-102

Situation Inference for Mobile Users: a Rule Based Approach

Goix, Laurent Walter, Valla, Massimo, Cerami, Laura and Falcarin, P. 2007. Situation Inference for Mobile Users: a Rule Based Approach. International Conference on Mobile Data Management, Mannheim, Germany May 01. IEEE pp 299-303

UML requirements for Distributed Software Architectures

Lago, Patricia and Falcarin, P. 2001. UML requirements for Distributed Software Architectures. Proceedings of the 1st International Workshop on Describing Software Architecture with UML, Toronto, Canada, May 2001, pp. 27-30

Call Control Component implementing converged Telephony- Internet networks

Falcarin, P. and Lago, Patricia 2001. Call Control Component implementing converged Telephony- Internet networks. Proceedings of the 3rd International Workshop on Net-Centric Computing, Toronto, Canada, May 2001, pp. 32-35

Designing the Parlay Call-Control Using ASMs

Falcarin, P. and Cavarra, Alessandra 2003. Designing the Parlay Call-Control Using ASMs. Börger, E; Gargantini, A; Riccobene, E. (Eds ) Abstract State Machines (ASM 2003)

Communication Web Services Composition and Integration

Venezia, Claudio and Falcarin, P. 2006. Communication Web Services Composition and Integration. IEEE Proceedings of International Conference on Web Services (ICWS-06). September 2006 IEEE Press pp. 523 - 530

Automated Reasoning on Aspects Interactions

Falcarin, P. and Torchiano, Marco 2006. Automated Reasoning on Aspects Interactions. IEEE/ACM Proceedings of International Conference on Automated Software Engineering (ASE 2006). Tokyo Japan

Service Discovery Suite for User-Centric Service Creation

Baladrón, Carlos, Aguiar, Javier, Carro, Belén, Sienel, Jürgen, Trapero, Rubén, Yelmo, Juan Carlos, del Álamo, José María, Yu, Jian and Falcarin, P. 2007. Service Discovery Suite for User-Centric Service Creation. . In Service Oriented Computing: a look at the Inside (SOC@Inside'07) workshop. ACM Vienna

An Approach to Domain-Specific Reuse in Service-Oriented Environments

Wang, Jianwu, Yu, Jian, Falcarin, P., Han, Yanbo and Morisio, Maurizio 2008. An Approach to Domain-Specific Reuse in Service-Oriented Environments. Mei, H. (Ed ) High Confidence Software Reuse in Large Systems ICSR 2008

Realizing an MDA and SOA Marriage for the Development of Mobile Services

Belaunde, Mariano and Falcarin, P. 2008. Realizing an MDA and SOA Marriage for the Development of Mobile Services. ECMDA-FA 2008.

Service opportunities for next generation networks

Andreetto, Alessandra, Licciardi, Carlo Alberto and Falcarin, P. 2001. Service opportunities for next generation networks. Proceedings Eurescom Summit conference - 3G Technologies and Applications. Heidelberg Germania

Remote Trust with Aspect-Oriented Programming

Falcarin, P., Scandariato, Riccardo and Baldi, Mario 2006. Remote Trust with Aspect-Oriented Programming. IEEE 20th International Conference on Advanced Information Networking and Applications (AINA 2006). Vienna, Austria Apr 2006 pp. 451-456

Using Temporal Business Rules to Synthesize Service Composition Process Models

Yu, Jian, Han, Jun, Falcarin, P. and Morisio, Maurizio 2007. Using Temporal Business Rules to Synthesize Service Composition Process Models.

Introducing the user to the service creation world: concepts for user centric service creation, personalization and notification

Caetano, Jorge, Santos, Pedro, Justino, Paulo, Goix, Laurent Walter, Renditore, Paola, Demartini, Matteo, Falcarin, P., Martín, Raúl, Martínez, Alvaro, Fernández, Rosario, Baladrón, Carlos, Aguiar, Javier and Carro, Belén 2007. Introducing the user to the service creation world: concepts for user centric service creation, personalization and notification. 16th IST Mobile & Wireless Communications Summit. Budapest Hungary

Application-oriented trust in distributed computing

Scandariato, Riccardo, Ofek, Yoram, Falcarin, P. and Baldi, Mario 2008. Application-oriented trust in distributed computing. IEEE, International Conference on Availability, Reliability and Security (ARES 2008), Barcelona (Spain) March 2008. pp 434-439.

A User-Centric Service Creation Approach for Next Generation Networks

Yelmo, Juan Carlos, del Álamo, José María, Trapero, Rubén, Falcarin, P., Yu, Jian, Carro, Belén and Baladrón, Carlos 2008. A User-Centric Service Creation Approach for Next Generation Networks. First ITU-T Kaleidoscope Academic Conference. Geneva, Switzerland May 2008 pp. 211-218

A Model-driven Framework for Professional Service Designers and Developers

Belaunde, Mariano, Falcarin, P. and Jezequel, Jean-Marc 2008. A Model-driven Framework for Professional Service Designers and Developers. ICIN 2008 International Conference on Intelligent Networks: Services, Enablers and Architectures. Bordeaux, France Oct 2008

User-Centric Future Internet and Telecommunication Services

Baladrón, Carlos, Aguiar, Javier, Carro, Belén, Goix, Laurent Walter, Martin, Alberto León, Falcarin, P. and Sienel, Jürgen 2009. User-Centric Future Internet and Telecommunication Services. in: Georgios, T. (ed.) Towards the Future Internet - A European Research Perspective IOS Press. pp. 217-226

Next Generation Networks: the service offering standpoint

Lago, Patricia, Falcarin, P., Andreetto, Alessandra and Licciardi, Carlo Alberto 2001. Next Generation Networks: the service offering standpoint.

Technologies and Guidelines for Service Creation in NGN

Licciardi, Carlo Alberto and Falcarin, P. 2003. Technologies and Guidelines for Service Creation in NGN.

Dynamic Architectural Changes for Distributed Services

Falcarin, P., Lago, Patricia and Morisio, Maurizio 2003. Dynamic Architectural Changes for Distributed Services. 8th International Workshop on Component-Oriented Programming. Darmstadt Germany

Software Tampering Detection using AOP and mobile code

Falcarin, P., Baldi, Mario and Mazzocchi, Daniele 2004. Software Tampering Detection using AOP and mobile code.

Software Architecture Evolution through Dynamic AOP

Falcarin, P. and Alonso, Gustavo 2004. Software Architecture Evolution through Dynamic AOP. Oquendo, F. et al (Eds) European Workshop on Software Architectures (EWSA) pp. 21-22

The Effectiveness of Source Code Obfuscation: an Experimental Assessment

Ceccato, Mariano, Di Penta, Massimiliano, Nagra, Jasvir, Falcarin, P., Ricca, Filippo, Torchiano, Marco and Tonell, Paolo 2009. The Effectiveness of Source Code Obfuscation: an Experimental Assessment. 17th IEEE International Conference on Program Comprehension (ICPC-09). Vancouver (Canada) May 17-19 2009 pp. 178 - 187

Developing Secure Software and Systems

Download files

228

100

2

0

Export as

Related outputs