CryptSDLC : Embedding Cryptographic Engineering into Secure Software Development Lifecycle
Details
Serval ID
serval:BIB_44CB56A6225B
Type
Inproceedings: an article in a conference proceedings.
Collection
Publications
Institution
Title
CryptSDLC : Embedding Cryptographic Engineering into Secure Software Development Lifecycle
Title of the conference
Proceedings of the 13th International Conference on Availability, Reliability and Security - ARES 2018
ISBN
9781450364485
Publication state
Published
Issued date
2018
Peer-reviewed
Oui
Language
english
Abstract
Application development for the cloud is already challenging because of the complexity caused by the ubiquitous, interconnected, and scalable nature of the cloud paradigm. But when modern secure and privacy aware cloud applications require the integration of cryptographic algorithms, developers even need to face additional challenges: An incorrect application may not only lead to a loss of the intended strong security properties but may also open up additional loopholes for potential breaches some time in the near or far future. To avoid these pitfalls and to achieve dependable security and privacy by design, cryptography needs to be systematically designed into the software, and from scratch. We present a system architecture providing a practical abstraction for the many specialists involved in such a development process, plus a suitable cryptographic software development life cycle methodology on top of the architecture. The methodology is complemented with additional tools supporting structured inter--domain communication and thus the generation of consistent results: cloud security and privacy patterns, and modelling of cloud service level agreements. We conclude with an assessment of the use of the Cryptographic Software Design Life Cycle (CryptSDLC) in a EU research project.
Create date
27/06/2019 10:07
Last modification date
21/08/2019 5:14