Security technology is crucial in software development and operation in the digital age. Secure software can protect user privacy and data security, prevent hacker attacks and data breaches, ensure legitimate business operations, and protect core assets. However, the development process often faces threats such as injection attacks, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF), mainly due to code vulnerabilities, configuration errors, and risks from third-party components. To meet these challenges, this paper discusses the application of security technology in development and operation, emphasizing security requirements analysis, design principles, coding practices, and testing during the development phase, along with environmental configuration, continuous monitoring, emergency response, disaster recovery, and regular auditing and updating during the operation phase. These measures can significantly enhance the security of software systems and protect user and corporate data.
Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we first introduce the background, architecture and working process of SDN. Secondly, we summarize and analyze the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.
Security is critical to the success of software, particularly in today’s fast-paced, technology-driven environment. It ensures that data, code, and services maintain their CIA (Confidentiality, Integrity, and Availability). This is only possible if security is taken into account at all stages of the SDLC (Software Development Life Cycle). Various approaches to software quality have been developed, such as CMMI (Capability Maturity Model Integration). However, there exists no explicit solution for incorporating security into all phases of SDLC. One of the major causes of pervasive vulnerabilities is a failure to prioritize security. Even the most proactive companies use the “patch and penetrate” strategy, in which security is assessed once the job is completed. Increased cost, time overrun, not integrating testing and input in SDLC, usage of third-party tools and components, and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC, despite the fact that secure software development is essential for business continuity and survival in today’s ICT world. There is a need to implement best practices in SDLC to address security at all levels. To fill this gap, we have provided a detailed overview of secure software development practices while taking care of project costs and deadlines. We proposed a secure SDLC framework based on the identified practices, which integrates the best security practices in various SDLC phases. A mathematical model is used to validate the proposed framework. A case study and findings show that the proposed system aids in the integration of security best practices into the overall SDLC, resulting in more secure applications.
In this paper the authors show how software component design can affect security properties through different composition operators. The authors define software composition as the result of aggregating and/or associating a component to a software system. The component itself may be informational or functional and carry a certain level of security attribute. The authors first show that the security attributes or properties form a lattice structure when combined with the appropriate least upper bound and greatest lower bound type of operators. Three composition operators, named C1, C2 and C3, are developed. The system's security properties resulting from these compositions are then studied. The authors discuss how different composition operators maintain, relax and restrict the security properties. Finally, the authors show that the C1 and C2 composition operators are order-sensitive and that C3 is order-insensitive.
Design architecture is the edifice that strengthens the functionalities as well as the security of web applications. In order to facilitate architectural security from the web application’s design phase itself, practitioners are now adopting the novel mechanism of security tactics. With the intent to conduct research from the perspective of security tactics, the present study employs a hybrid multi-criteria decision-making approach named fuzzy analytic hierarchy process-technique for order preference by similarity ideal solution (AHP-TOPSIS) method for selecting and assessing multi-criteria decisions. The adopted methodology is a blend of fuzzy analytic hierarchy process (fuzzy AHP) and fuzzy technique for order preference by similarity ideal solution (fuzzy TOPSIS). To establish the efficacy of this methodology, the results obtained after the evaluation have been tested on fifteen different web application projects (Online Quiz competition, Entrance Test, and others) of the Babasaheb Bhimrao Ambedkar University, Lucknow, India. The tabulated outcomes demonstrate that the methodology of the Multi-Level Fuzzy Hybrid system is highly effective in providing accurate estimation for strengthening the security of web applications. The proposed study will help experts and developers in developing and managing security from any web application design phase for better accuracy and higher security.
Security plays a large role in software development; simply put, without it the software would be vulnerable to many different types of attacks. Software security prevents leaks of data, alteration of data, and unauthorized access to data. Building secure software involves a number of different processes, but security awareness and implementation are the most important ones among them. To produce the high-quality software that security engineers need to meet today’s cybersecurity demands, security awareness and implementation must be integrated in undergraduate computer science programming courses. In this paper, we demonstrate the importance of adopting security guidelines in undergraduate software engineering education. Thus, this paper focuses on integrating secure guidelines into existing applications to eliminate common security vulnerabilities. An assessment table, derived from several existing Java security guidelines, is developed to provide in-depth critiques of the selected capstone project. Potential security vulnerabilities in the capstone project are identified and presented in a form showing the degree of threats against the three security characteristics addressed in the McCumber Cube model: confidentiality, integrity, and availability. Meanwhile, the vulnerability density of the capstone project is calculated to demonstrate the performance of this research.
Since land resource database development in 1987/1988, a large amount of digital data in spatial, tabular and metadata format has been collected and generated. There are several application software packages for the soil database to manage such a large amount of data, i.e.: Side & Horizon (SHDE4), Soil Sample Analysis (SSA), and Land Unit in dbf file, while Site and Horizon is in DataEase formats. The database contains soil physics and chemical property data of each soil horizon from surface to effective soil depth, climate, land surface conditions, and other parameters required for soil classification. Currently, database management software for land resources is still based on DOS and is stand-alone. The system is not efficiently and effectively used as an Agricultural Land Resource Information System. At present, as a key component of this system, it requires review, and the development of new database software that is compatible with the development of information technology. This paper explains the development of an interactive agricultural land resources information system for optimizing land resources data utilization. Hopefully, the software can contribute to national Agricultural Land Resources Information System development for supporting food security.
Today, the demand for security software is Six Sigma quality, i.e. practically zero defects. A practical and stochastic method is proposed for Six Sigma security software quality management. Monte Carlo Simulation is used in a Six Sigma DMAIC (Define, Measure, Analyze, Improve, Control) approach to security software testing. This elaboration used a published real project’s data from the final product testing, which lasted for 15 weeks, after which the product was delivered. The experiment utilised the first 12 weeks’ data to allow verification of the results on the actual data from the last three weeks. A hypothetical testing project was applied, supposed to be completed in 15 weeks. The product due-date was Week 16 with a zero-defects quality assurance aim. The testing project was analysed at the end of the 12th week with three weeks of testing remaining. Running a Monte Carlo Simulation with data from the first 12 weeks produced results which indicated that the product would not be able to meet its due-date with the desired zero-defects quality. To quantify an improvement, another simulation was run to find when zero defects would be achieved. Simulation predicted that zero defects would be achieved in week 35 with 56% probability, and there would be 82 defects from Weeks 16 - 35. Therefore, to meet the quality goals, either more resources should be allocated to the project, or the deadline for the project should be moved to Week 36. The paper concluded that utilising Monte Carlo Simulations in a Six Sigma DMAIC structured framework is better than conventional approaches using static analysis methods. When the simulation results were compared to the actual data, they were found to be accurate within −3.5% to +1.3%. This approach helps to improve software quality and achieve the zero-defects quality assurance goal, while assigning quality confidence levels to scheduled product releases.
Over the past decade, open-source software use has grown. Today, many companies including Google, Microsoft, Meta, RedHat, MongoDB, and Apache are major participants in open-source contributions. With the increased use of open-source software or integration of open-source software into custom-developed software, the quality of this software component increases in importance. This study examined a sample of open-source applications from GitHub. Static software analytics were conducted, and each application was classified for its risk level. In the analyzed applications, it was found that 90% of the applications were classified as low risk or moderate low risk, indicating a high level of quality for open-source applications.
Software defined optical networking (SDON) is a critical technology for the next generation network, with advantages such as programmable control. As one of the key issues of SDON, the security of the control plane has also received extensive attention, especially in certain network scenarios with high security requirements. Due to the existence of vulnerabilities and heavy overhead, the existing firewalls and distributed control technologies cannot solve the control plane security problem well. In this paper, we propose a distributed control architecture for SDON using the blockchain technique (BlockCtrl). The proposed BlockCtrl model introduces the advantages of blockchain into SDON to achieve high-efficiency fault tolerant control. We have evaluated the performance of our proposed architecture and compared it to the existing models with respect to various metrics, including processing rate and recovery latency. The numerical results show that BlockCtrl is capable of attack detection and fault tolerant control in SDON with high performance on resource utilization and service correlation.
In recent years, the rapid development of computer software has led to numerous security problems, particularly software vulnerabilities. These flaws can cause significant harm to users’ privacy and property. Current security defect detection technology relies on manual or professional reasoning, leading to missed detections and high false detection rates. Artificial intelligence technology has led to the development of neural network models based on machine learning or deep learning to intelligently mine for vulnerabilities, reducing missed alarms and false alarms. So, this project aims to study Java source code defect detection methods for defects like null pointer reference exception, XSS (Transform), and Structured Query Language (SQL) injection. Also, the project uses the open-source Javalang to translate the Java source code, conducts a deep search on the AST to obtain the empty syntax feature library, and converts the Java source code into a dependency graph. The feature vector is then used as the learning target for the neural network. Four types of networks, Convolutional Neural Networks (CNN), Long Short-Term Memory (LSTM), Bi-directional Long Short-Term Memory (BiLSTM), and Attention Mechanism + Bidirectional LSTM, are used to investigate various code defects, including blank pointer reference exception, XSS, and SQL injection defects. Experimental results show that the attention mechanism in two-dimensional BLSTM is the most effective for object recognition, verifying the correctness of the method.
As we have been stepping into the e-time period, software, which is considered the key factor of network and computer development, has become an integral part of everyday life. Millions of people may perform transactions through the internet, mobile phone, ATM, and send e-mails, handle word processing or spreadsheets for different purposes. In other words, the network and information have become related to our daily life completely. Then, as IT advances, the awareness of software security becomes a hot and serious topic. This paper will give some comments on various aspects, such as: at the beginning of the SDLC (System Development Life Cycle), how do designers analyze the functional and non-functional requirements and choose the proper development model? And then, which kinds of methods do testing professionals take to test the software, white-box testing or black-box testing, to discover the vulnerabilities and flaws? At the same time, the paper gives some examples to demonstrate why the security of software is pretty important and what we should do to secure it. In addition, the paper will say something about the enterprises’ actions to build a more secure network environment.
Many organizations, to save costs, are moving to the Bring Your Own Mobile Device (BYOD) model and adopting applications built by third parties at an unprecedented rate. Our research examines software assurance methodologies, specifically focusing on security analysis coverage of the program analysis for mobile malware detection, mitigation, and prevention. This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP). OWASP maintains lists of the top ten security threats to web and mobile applications. We develop knowledge graphs based on the two most recent top ten threat years and show how the knowledge graph relationships can be discovered in mobile application source code. We analyze 200+ healthcare applications from GitHub to gain an understanding of the software assurance of their developed software for one of the OWASP top ten mobile threats, the threat of “Insecure Data Storage.” We find that many of the applications are storing personally identifying information (PII) in potentially vulnerable places, leaving users exposed to higher risks for the loss of their sensitive data.
In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or to the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities used to secure the web application layer, the security approaches or techniques used in the process, the stages in the software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Science Direct, Springer Link. After a detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no single software product is referred to as a standard or preferred software product for web application development. In our SLR, we have performed a deep analysis on web application security vulnerability detection methods, which helps us to identify the scope of the SLR for comprehensive investigation in future research. Further, in this SLR, considering the OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categorize the accessible vulnerabilities. OWASP is a major source to construct and validate web security processes and standards.
Communication-dependent and software-based distributed energy resources (DERs) are extensively integrated into modern microgrids, providing extensive benefits such as increased distributed controllability, scalability, and observability. However, malicious cyber-attackers can exploit various potential vulnerabilities. In this study, a programmable adaptive security scanning (PASS) approach is presented to protect DER inverters against various power-bot attacks. Specifically, three different types of attacks, namely controller manipulation, replay, and injection attacks, are considered. This approach employs both a software-defined networking technique and a novel coordinated detection method capable of enabling programmable and scalable networked microgrids (NMs) in an ultra-resilient, time-saving, and autonomous manner. The coordinated detection method efficiently identifies the location and type of power-bot attacks without disrupting normal NM operations. Extensive simulation results validate the efficacy and practicality of PASS for securing NMs.
Reversing the syntactic format of program inputs and data structures in binaries plays a vital role in understanding program behaviors in many security applications. In this paper, we propose a collaborative reversing technique by capturing the mapping relationship between input fields and program data structures. The key insight behind our paper is that a program uses corresponding data structures as references to parse and access different input fields, and every field could be identified by reversing its corresponding data structure. In detail, we use a fine-grained dynamic taint analysis to monitor the propagation of inputs. By identifying base pointers for each input byte, we could reverse data structures and conversely identify fields based on their referencing data structures. We construct several experiments to evaluate the effectiveness. Experiment results show that our approach could effectively reverse precise input formats, and provide unique benefits to two representative security applications, exploit diagnosis and malware analysis.
Distributed Denial of Service (DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking (SDN) offers a flexible network management paradigm to solve DDoS attacks in traditional networks. However, the centralized nature of SDN is also a potential vulnerability for DDoS attack. In this paper, we first provide some SDN-supported mechanisms against DDoS attack in traditional networks. A systematic review of various SDN-self DDoS threats is then presented, as well as the existing literature on quick DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.
In order to improve the security of high school campus networks, this paper introduces the goal, system composition, and function of the network security of high school campus networks, and puts forward a series of strategies, including the establishment of a network security protection system, a data backup and recovery mechanism, and strengthening network security management and training. Through these strategies, the safe and stable operation of the campus network can be ensured, the quality of education can be improved, and the school’s development can be promoted.
Software productivity has always been one of the most critical metrics for measuring software development. However, with the open-source community (e.g., GitHub), new software development models are emerging. The traditional productivity metrics do not provide a comprehensive measure of the new software development models. Therefore, it is necessary to build a productivity measurement model of the open source software ecosystem suitable for the open-source community’s production activities. Based on the natural ecosystem, this paper proposes concepts related to the productivity of open source software ecosystems, analyses influencing factors of open source software ecosystem productivity, and constructs a measurement model using these factors. Model validation experiments show that the model is compatible with a large portion of open source software ecosystems in GitHub. This study can provide references for participants of the open-source software ecosystem to choose proper types of ecosystems. The study also provides a basis for ecosystem health assessment for researchers interested in ecosystem quality.
Funding note attached to the SDN security survey: supported by the Wuhan Frontier Program of Application Foundation (No. 2018010401011295) and the National High Technology Research and Development Program of China (“863” Program) (Grant No. 2015AA016002).
文摘Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.
文摘Security is critical to the success of software,particularly in today’s fast-paced,technology-driven environment.It ensures that data,code,and services maintain their CIA(Confidentiality,Integrity,and Availability).This is only possible if security is taken into account at all stages of the SDLC(Software Development Life Cycle).Various approaches to software quality have been developed,such as CMMI(Capabilitymaturitymodel integration).However,there exists no explicit solution for incorporating security into all phases of SDLC.One of the major causes of pervasive vulnerabilities is a failure to prioritize security.Even the most proactive companies use the“patch and penetrate”strategy,inwhich security is accessed once the job is completed.Increased cost,time overrun,not integrating testing and input in SDLC,usage of third-party tools and components,and lack of knowledge are all reasons for not paying attention to the security angle during the SDLC,despite the fact that secure software development is essential for business continuity and survival in today’s ICT world.There is a need to implement best practices in SDLC to address security at all levels.To fill this gap,we have provided a detailed overview of secure software development practices while taking care of project costs and deadlines.We proposed a secure SDLC framework based on the identified practices,which integrates the best security practices in various SDLC phases.A mathematical model is used to validate the proposed framework.A case study and findings show that the proposed system aids in the integration of security best practices into the overall SDLC,resulting in more secure applications.
文摘In this paper the authors show how software component design can affect security properties through different composition operators. The authors define software composition as the result of aggregating and/or associating a component to a software system. The component itself may be informational or functional and carry a certain level of security attribute. The authors first show that the security attributes or properties form a lattice structure when combined with the appropriate least upper bound and greatest lower bound type of operators. Three composition operators, named C l, C2 and C3 are developed. The system's security properties resulting from these compositions are then studied. The authors discuss how different composition operators maintain, relax and restrict the security properties. Finally, the authors show that C1 and C2 composition operators are order-sensitive and that C3 is order-insensitive.
文摘Design architecture is the edifice that strengthens the functionalities as well as the security of web applications.In order to facilitate architectural security from the web application’s design phase itself,practitioners are now adopting the novel mechanism of security tactics.With the intent to conduct a research from the perspective of security tactics,the present study employs a hybrid multi-criteria decision-making approach named fuzzy analytic hierarchy process-technique for order preference by similarity ideal solution(AHP-TOPSIS)method for selecting and assessing multi-criteria decisions.The adopted methodology is a blend of fuzzy analytic hierarchy process(fuzzy AHP)and fuzzy technique for order preference by similarity ideal solution(fuzzy TOPSIS).To establish the efficacy of this methodology,the results are obtained after the evaluation have been tested on fifteen different web application projects(Online Quiz competition,Entrance Test,and others)of the Babasaheb Bhimrao Ambedkar University,Lucknow,India.The tabulated outcomes demonstrate that the methodology of the Multi-Level Fuzzy Hybrid system is highly effective in providing accurate estimation for strengthening the security of web applications.The proposed study will help experts and developers in developing and managing security from any web application design phase for better accuracy and higher security.
Abstract: Security plays a large role in software development; without it, software is vulnerable to many different types of attack. Software security prevents leakage of data, alteration of data, and unauthorized access to data. Building secure software involves a number of different processes, but security awareness and implementation are the most important among them. To produce high-quality software that meets today's cybersecurity demands, security awareness and implementation must be integrated into undergraduate computer science programming courses. In this paper, we demonstrate the importance of adopting security guidelines in undergraduate software engineering education. Thus, this paper focuses on integrating secure coding guidelines into existing applications to eliminate common security vulnerabilities. An assessment table, derived from several existing Java security guidelines, is developed to provide an in-depth critique of the selected capstone project. Potential security vulnerabilities in the capstone project are identified and presented in a form showing the degree of threat against the three security characteristics addressed in the McCumber Cube model: confidentiality, integrity, and availability. Meanwhile, the vulnerability density of the capstone project is calculated to demonstrate the performance of this research.
Abstract: Since land resource database development began in 1987/1988, a large amount of digital data in spatial, tabular and metadata formats has been collected and generated. There are several application programs for the soil database that manage this large amount of data, namely Site & Horizon (SHDE4), Soil Sample Analysis (SSA), and Land Unit; the latter two are in dbf files, while Site & Horizon is in DataEase format. The database contains soil physical and chemical property data for each soil horizon from the surface to the effective soil depth, climate, land surface conditions, and other parameters required for soil classification. Currently, database management software for land resources is still DOS-based and stand-alone. The system is not used efficiently and effectively as an Agricultural Land Resource Information System. As a key component of this system, it now requires review, and the development of new database software compatible with current information technology. This paper explains the development of an interactive agricultural land resources information system for optimizing the utilization of land resources data. It is hoped that the software can contribute to the development of a national Agricultural Land Resources Information System supporting food security.
Abstract: Today, the demand on security software is Six Sigma quality, i.e. practically zero defects. A practical, stochastic method is proposed for Six Sigma security software quality management. Monte Carlo simulation is used within a Six Sigma DMAIC (Define, Measure, Analyze, Improve, Control) approach to security software testing. The elaboration used published data from a real project whose final product testing lasted 15 weeks, after which the product was delivered. The experiment used the first 12 weeks' data so that the results could be verified against the actual data from the last three weeks. A hypothetical testing project was assumed, planned to be completed in 15 weeks, with a product due date of Week 16 and a zero-defects quality assurance goal. The testing project was analysed at the end of the 12th week, with three weeks of testing remaining. Running a Monte Carlo simulation with data from the first 12 weeks produced results indicating that the product would not meet its due date with the desired zero-defects quality. To quantify the improvement needed, another simulation was run to find when zero defects would be achieved. The simulation predicted that zero defects would be achieved in Week 35 with 56% probability, and that there would be 82 defects from Weeks 16-35. Therefore, to meet the quality goals, either more resources should be allocated to the project, or the deadline should be moved to Week 36. The paper concludes that using Monte Carlo simulation within a Six Sigma DMAIC structured framework is better than conventional approaches using static analysis methods. When the simulation results were compared to the actual data, they were found to be accurate to within -3.5% to +1.3%. This approach helps to improve software quality and achieve the zero-defects quality assurance goal, while assigning confidence levels to scheduled product releases.
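Added example for the abstract above (not the paper's model or its project data): a small Monte Carlo simulation in Python of the kind of release-readiness question the paper asks. Weekly defect counts for twelve weeks are constructed data; the model assumes the defect arrival rate decays exponentially (fitted by least squares on log counts) and that each future week's count is Poisson-distributed, both assumptions made here for illustration. The simulation estimates, for each week after the observed history, the probability that no defects are found that week, and the expected number of defects still found after the due date.

```python
import math
import random

# Constructed weekly defect counts for the first 12 weeks of a testing project
# (illustrative data, not the project data used in the paper).
OBSERVED_WEEKLY_DEFECTS = [41, 35, 30, 24, 22, 17, 15, 12, 10, 8, 7, 5]


def fit_exponential_decay(history):
    """Least-squares fit of ln(count) = ln(a) + t * ln(r) for t = 1..n.
    Returns (a, r); the modelled defect arrival rate in week t is a * r ** t."""
    n = len(history)
    xs = list(range(1, n + 1))
    ys = [math.log(max(c, 0.5)) for c in history]  # guard against zero counts
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    slope = sxy / sxx
    intercept = mean_y - slope * mean_x
    return math.exp(intercept), math.exp(slope)


def poisson(rng, lam):
    """Knuth's Poisson sampler; adequate for the small weekly rates used here."""
    if lam <= 0:
        return 0
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_zero_defect_weeks(history, due_week, last_week, runs=5000, seed=7):
    """Monte Carlo over the weeks after the observed history, up to last_week.
    For each week returns (week, P(no defects found that week), mean number of
    defects found after due_week up to and including that week)."""
    a, r = fit_exponential_decay(history)
    n = len(history)
    rng = random.Random(seed)
    weeks = list(range(n + 1, last_week + 1))
    zero_hits = {w: 0 for w in weeks}
    late_defects = {w: 0 for w in weeks}
    for _ in range(runs):
        cumulative = 0
        for w in weeks:
            found = poisson(rng, a * r ** w)
            if found == 0:
                zero_hits[w] += 1
            if w > due_week:
                cumulative += found
            late_defects[w] += cumulative
    return [(w, zero_hits[w] / runs, late_defects[w] / runs) for w in weeks]


def first_week_at_confidence(results, confidence):
    """First simulated week whose zero-defect probability reaches confidence, or None."""
    for week, p_zero, _ in results:
        if p_zero >= confidence:
            return week
    return None


if __name__ == "__main__":
    results = simulate_zero_defect_weeks(OBSERVED_WEEKLY_DEFECTS, due_week=15, last_week=35)
    for week, p_zero, late in results:
        print(f"week {week:2d}: P(zero defects)={p_zero:.2f}  defects after due date={late:.1f}")
    print("first week with >= 50% zero-defect probability:",
          first_week_at_confidence(results, 0.5))
```

The decision the paper describes falls out of the two columns: if the zero-defect probability at the due week is low, the release either slips to the first week that reaches the required confidence or the rate has to be driven down faster by adding test resources.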
Abstract: Over the past decade, the use of open-source software has grown. Today, many companies, including Google, Microsoft, Meta, RedHat, MongoDB, and Apache, are major contributors to open source. With the increased use of open-source software, or its integration into custom-developed software, the quality of these software components grows in importance. This study examined a sample of open-source applications from GitHub. Static analysis was performed, and each application was classified by risk level. Of the analyzed applications, 90% were classified as low risk or moderately low risk, indicating a high level of quality in open-source applications.
Funding: Supported in part by NSFC project (61871056); Young Elite Scientists Sponsorship Program by CAST (2018QNRC001); Fundamental Research Funds for the Central Universities (2018XKJC06); Open Fund of SKL of IPOC (BUPT) (IPOC2018A001).
Abstract: Software defined optical networking (SDON) is a critical technology for next-generation networks, with advantages such as programmable control. As one of the key issues of SDON, the security of the control plane has also received extensive attention, especially in network scenarios with high security requirements. Because of their vulnerabilities and heavy overhead, existing firewalls and distributed control technologies cannot solve the control plane security problem well. In this paper, we propose a distributed control architecture for SDON using blockchain techniques (BlockCtrl). The proposed BlockCtrl model brings the advantages of blockchain into SDON to achieve high-efficiency fault-tolerant control. We have evaluated the performance of our proposed architecture and compared it to existing models with respect to various metrics, including processing rate and recovery latency. The numerical results show that BlockCtrl is capable of attack detection and fault-tolerant control in SDON, with high performance in resource utilization and service correlation.
Funding: This work is supported by the Provincial Key Science and Technology Special Project of Henan (No. 221100240100).
Abstract: In recent years, the rapid development of computer software has led to numerous security problems, particularly software vulnerabilities. These flaws can cause significant harm to users' privacy and property. Current security defect detection technology relies on manual or expert reasoning, leading to missed detections and high false-positive rates. Artificial intelligence has led to the development of neural network models based on machine learning or deep learning that mine vulnerabilities intelligently, reducing both missed alarms and false alarms. This project therefore studies Java source code defect detection methods for defects such as null pointer dereference exceptions, cross-site scripting (XSS), and Structured Query Language (SQL) injection. The project uses the open-source Javalang library to parse the Java source code, performs a deep search of the AST to build a syntax feature library, and converts the Java source code into a dependency graph. The resulting feature vector is then used as the learning target for the neural network. Four types of network, Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), Bidirectional Long Short-Term Memory (BiLSTM), and attention mechanism plus bidirectional LSTM, are used to investigate the code defects, including null pointer dereference, XSS, and SQL injection defects. Experimental results show that the attention mechanism combined with a two-dimensional BiLSTM is the most effective at recognising these defects, verifying the correctness of the method.
Abstract: As we have stepped into the e-era, software, considered the key factor in network and computer development, has become an integral part of everyday life. Millions of people perform transactions through the Internet, mobile phones and ATMs, send e-mails, and handle word processing or spreadsheets for different purposes. In other words, networks and information have become completely bound up with our daily life. Then, as IT advances, awareness of software security becomes a hot and serious topic. This paper comments on various aspects, such as: at the beginning of the SDLC (System Development Life Cycle), how do designers analyse the functional and non-functional requirements and choose the proper development model? And then, which methods, white-box testing or black-box testing, do testing professionals use to discover vulnerabilities and flaws in the software? At the same time, the paper gives some examples to demonstrate why software security is so important and what we should do to secure it. In addition, the paper discusses the actions enterprises take to build a more secure network environment.
Abstract: Many organizations, to save costs, are moving to the Bring Your Own Mobile Device (BYOD) model and adopting applications built by third parties at an unprecedented rate. Our research examines software assurance methodologies, specifically focusing on the security analysis coverage of program analysis for mobile malware detection, mitigation, and prevention. This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP). OWASP maintains lists of the top ten security threats to web and mobile applications. We develop knowledge graphs based on the two most recent top ten threat lists and show how the knowledge graph relationships can be discovered in mobile application source code. We analyze 200+ healthcare applications from GitHub to understand their software assurance against one of the OWASP top ten mobile threats, the threat of "Insecure Data Storage." We find that many of the applications store personally identifiable information (PII) in potentially vulnerable places, leaving users exposed to a higher risk of losing their sensitive data.
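Added example for the abstract above (not the paper's tooling or any of the applications it analysed): a small Python scanner that encodes a few "Insecure Data Storage" relationships as patterns (PII getters as sources; SharedPreferences, file writes and logcat as sinks; world-readable preferences and external storage as exposure conditions) and runs them over constructed Android/Java snippets. File names, identifiers and the patterns themselves are assumptions chosen to match the constructed snippets; a real scanner would work on the parsed source rather than line-local regular expressions.

```python
import re

# Constructed Android/Java snippets standing in for source files of a healthcare
# app. They are illustrative, not code from any of the GitHub applications the
# paper analysed; file names and identifiers are assumptions.
SAMPLE_FILES = {
    "PatientProfile.java": [
        'SharedPreferences prefs = getSharedPreferences("patient", MODE_WORLD_READABLE);',
        'prefs.edit().putString("ssn", patient.getSsn()).apply();',
        'prefs.edit().putString("dob", patient.getDateOfBirth()).apply();',
    ],
    "ExportActivity.java": [
        'File out = new File(Environment.getExternalStorageDirectory(), "records.csv");',
        'FileWriter writer = new FileWriter(out);',
        'writer.write(patient.getName() + "," + patient.getDiagnosis());',
        'Log.d("Export", "wrote record for " + patient.getEmail());',
    ],
    "SessionStore.java": [
        'SharedPreferences prefs = getSharedPreferences("session", MODE_PRIVATE);',
        'prefs.edit().putString("theme", "dark").apply();',
        'prefs.edit().putString("email", user.getEmail()).apply();',
    ],
}

# A minimal knowledge graph for the "Insecure Data Storage" threat: PII sources,
# storage sinks, and the conditions that make a sink readable by other apps.
# The patterns are assumptions chosen to match the constructed snippets.
PII_SOURCES = re.compile(
    r"get(?:Ssn|DateOfBirth|Email|Phone|Diagnosis|Name|Address)\("
    r'|"(?:ssn|dob|email|phone|diagnosis)"',
    re.IGNORECASE,
)
STORAGE_SINKS = {
    "SharedPreferences": re.compile(r"\.putString\("),
    "file write": re.compile(r"\.write\("),
    "logcat": re.compile(r"\bLog\.[dviwe]\("),
}
WORLD_READABLE_PREFS = re.compile(r"MODE_WORLD_(?:READABLE|WRITEABLE)")
EXTERNAL_STORAGE = re.compile(r"getExternalStorageDirectory\(")


def scan_file(name, lines):
    """Report lines where a PII source flows into a storage sink. Severity is
    high when the sink is readable by other apps (world-readable preferences,
    external storage, logcat) and medium for app-private storage."""
    source = "\n".join(lines)
    world_readable = bool(WORLD_READABLE_PREFS.search(source))
    external = bool(EXTERNAL_STORAGE.search(source))
    findings = []
    for number, line in enumerate(lines, 1):
        pii = PII_SOURCES.findall(line)
        if not pii:
            continue
        for sink, pattern in STORAGE_SINKS.items():
            if not pattern.search(line):
                continue
            exposed = (sink == "logcat"
                       or (sink == "SharedPreferences" and world_readable)
                       or (sink == "file write" and external))
            findings.append({
                "file": name, "line": number, "sink": sink,
                "pii": pii, "severity": "high" if exposed else "medium",
            })
    return findings


def scan_all(files):
    return [f for name, lines in files.items() for f in scan_file(name, lines)]


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 1}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_all(SAMPLE_FILES)
    for f in results:
        print(f"{f['severity']:6} {f['file']}:{f['line']} {f['sink']} <- {', '.join(f['pii'])}")
    print(summarize(results))
```

The medium finding in SessionStore.java is the case the threat category still covers: app-private storage keeps other apps out, but the value sits in plaintext on disk and is exposed on a rooted device or through a backup, which is why encrypted preferences or not storing the field at all is the usual fix.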
Abstract: In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or to using a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the security vulnerabilities affecting the web application layer, the security approaches or techniques used to secure it, the stages of software development in which those approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respected scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, ScienceDirect and SpringerLink. After a detailed review process, only 56 key primary studies were considered for this review, based on defined inclusion and exclusion criteria. From the review, it appears that no single software product is regarded as the standard or preferred product for web application development. In our SLR, we have performed a deep analysis of web application security vulnerability detection methods, which helps us identify the scope of the SLR for comprehensive investigation in future research. Further, in this SLR, considering the OWASP Top 10 web application vulnerabilities identified in 2012, we will attempt to categorize the accessible vulnerabilities. OWASP is a major source for constructing and validating web security processes and standards.
Funding: This work was supported in part by the National Science Foundation, USA (ECCS-2018492, CNS-2006828, ECCS-2002897, and OIA-2040599).
Abstract: Communication-dependent and software-based distributed energy resources (DERs) are extensively integrated into modern microgrids, providing extensive benefits such as increased distributed controllability, scalability, and observability. However, malicious cyber-attackers can exploit various potential vulnerabilities. In this study, a programmable adaptive security scanning (PASS) approach is presented to protect DER inverters against various power-bot attacks. Specifically, three different types of attack, namely controller manipulation, replay, and injection attacks, are considered. The approach employs both a software-defined networking technique and a novel coordinated detection method capable of enabling programmable and scalable networked microgrids (NMs) in an ultra-resilient, time-saving, and autonomous manner. The coordinated detection method efficiently identifies the location and type of power-bot attacks without disrupting normal NM operations. Extensive simulation results validate the efficacy and practicality of PASS for securing NMs.
Funding: The National Natural Science Foundation of China; the foundation of the State Key Lab. for Novel Software Technology at Nanjing University; the foundation of the Key Laboratory of Information Assurance Technology.
Abstract: Reversing the syntactic format of program inputs and data structures in binaries plays a vital role in understanding program behavior in many security applications. In this paper, we propose a collaborative reversing technique that captures the mapping relationship between input fields and program data structures. The key insight behind our paper is that a program uses the corresponding data structures as references to parse and access different input fields, so every field can be identified by reversing its corresponding data structure. In detail, we use fine-grained dynamic taint analysis to monitor the propagation of inputs. By identifying the base pointer for each input byte, we can reverse data structures and, conversely, identify fields based on the data structures that reference them. We construct several experiments to evaluate the effectiveness. The experimental results show that our approach can effectively reverse precise input formats and provides unique benefits to two representative security applications, exploit diagnosis and malware analysis.
Funding: Supported in part by the "973" Program of China under Grant No. 2013CB329103; the National Natural Science Foundation of China under Grant No. 61271171 and No. 61401070; the National Key Research and Development Program of China No. 2016YFB0800105; and the "863" Program of China under Grant No. 2015AA015702 and No. 2015AA016102.
Abstract: Distributed Denial of Service (DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data planes, software defined networking (SDN) offers a flexible network management paradigm for countering DDoS attacks in traditional networks. However, the centralized nature of SDN is itself a potential vulnerability to DDoS attack. In this paper, we first present some SDN-supported mechanisms against DDoS attacks in traditional networks. A systematic review of the DDoS threats against SDN itself is then presented, along with the existing literature on rapid DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.
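Added example for the abstract above (not code from the paper or from any SDN controller): one widely used SDN-side detection mechanism, destination-IP entropy over windows of PacketIn events, written in plain Python with a constructed PacketIn sample. Normal traffic spreads over many destinations and keeps the entropy high; a flood concentrates on one victim and collapses it, which is also what exhausts the controller and the switches' flow tables. The window size, threshold, sample addresses and the OpenFlow-style rule format are assumptions for illustration.

```python
import math
from collections import Counter


def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    values = list(values)
    counts = Counter(values)
    total = len(values)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def detect_ddos(packet_ins, window=10, threshold=1.0):
    """Split the PacketIn stream into fixed-size windows and flag those whose
    destination-IP entropy drops below threshold: a flood at one victim makes
    the destination distribution collapse onto that address."""
    alerts = []
    for index, start in enumerate(range(0, len(packet_ins) - window + 1, window)):
        dsts = [dst for _, dst in packet_ins[start:start + window]]
        entropy = shannon_entropy(dsts)
        if entropy < threshold:
            target, hits = Counter(dsts).most_common(1)[0]
            alerts.append({"window": index, "entropy": round(entropy, 3),
                           "target": target, "share": hits / window})
    return alerts


def mitigation_rule(alert, priority=1000):
    """OpenFlow-style drop rule (empty action list) for the flooded destination,
    which a controller would push to the ingress switches."""
    return {"priority": priority,
            "match": {"eth_type": 0x0800, "ipv4_dst": alert["target"]},
            "actions": []}


# Constructed PacketIn samples as (src, dst) pairs: a normal window, a window
# in which nine of ten packets target one host, then normal traffic again.
SAMPLE_PACKET_INS = (
    [(f"192.168.1.{i}", f"10.0.0.{i}") for i in range(1, 11)]
    + [(f"203.0.113.{i}", "10.0.0.5") for i in range(1, 10)]
    + [("192.168.1.3", "10.0.0.3")]
    + [(f"192.168.1.{i}", f"10.0.0.{(i % 5) + 1}") for i in range(1, 11)]
)

if __name__ == "__main__":
    for alert in detect_ddos(SAMPLE_PACKET_INS):
        print(alert)
        print(mitigation_rule(alert))
```

The threshold has to be set from a baseline of the network's own traffic: a small network with few servers already has low destination entropy, and the same collapse can be read from source-IP entropy rising (spoofed sources) rather than destination entropy falling. The drop rule is the crude response; the controller-protection concern in the abstract is that the PacketIn rate itself must be bounded before detection runs, or the detector is starved along with everything else.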
Abstract: In order to improve the security of high school campus networks, this paper introduces the goals, system composition, and functions of network security for high school campus networks, and puts forward a series of strategies, including the establishment of a network security protection system, a data backup and recovery mechanism, and strengthened network security management and training. Through these strategies, the safe and stable operation of the campus network can be ensured, the quality of education can be improved, and the school's development can be promoted.
Funding: Supported in part by the National Key R&D Program of China under Grant No. 2018YFB1003800.
Abstract: Software productivity has always been one of the most critical metrics for measuring software development. However, with the open-source community (e.g., GitHub), new software development models are emerging. Traditional productivity metrics do not provide a comprehensive measure of these new software development models. Therefore, it is necessary to build a productivity measurement model for open-source software ecosystems suited to the open-source community's production activities. Drawing on natural ecosystems, this paper proposes concepts related to the productivity of open-source software ecosystems, analyses the factors influencing open-source software ecosystem productivity, and constructs a measurement model from these factors. Model validation experiments show that the model is compatible with a large portion of the open-source software ecosystems in GitHub. This study can provide references for participants in the open-source software ecosystem to choose proper types of ecosystems. The study also provides a basis for ecosystem health assessment for researchers interested in ecosystem quality.