CryptSDLC : Embedding Cryptographic Engineering into Secure Software Development Lifecycle
Détails
ID Serval
serval:BIB_44CB56A6225B
Type
Actes de conférence (partie): contribution originale à la littérature scientifique, publiée à l'occasion de conférences scientifiques, dans un ouvrage de compte-rendu (proceedings), ou dans l'édition spéciale d'un journal reconnu (conference proceedings).
Collection
Publications
Institution
Titre
CryptSDLC : Embedding Cryptographic Engineering into Secure Software Development Lifecycle
Titre de la conférence
Proceedings of the 13th International Conference on Availability, Reliability and Security - ARES 2018
ISBN
9781450364485
Statut éditorial
Publié
Date de publication
2018
Peer-reviewed
Oui
Langue
anglais
Résumé
Application development for the cloud is already challenging because of the complexity caused by the ubiquitous, interconnected, and scalable nature of the cloud paradigm. But when modern secure and privacy aware cloud applications require the integration of cryptographic algorithms, developers even need to face additional challenges: An incorrect application may not only lead to a loss of the intended strong security properties but may also open up additional loopholes for potential breaches some time in the near or far future. To avoid these pitfalls and to achieve dependable security and privacy by design, cryptography needs to be systematically designed into the software, and from scratch. We present a system architecture providing a practical abstraction for the many specialists involved in such a development process, plus a suitable cryptographic software development life cycle methodology on top of the architecture. The methodology is complemented with additional tools supporting structured inter--domain communication and thus the generation of consistent results: cloud security and privacy patterns, and modelling of cloud service level agreements. We conclude with an assessment of the use of the Cryptographic Software Design Life Cycle (CryptSDLC) in a EU research project.
Création de la notice
27/06/2019 10:07
Dernière modification de la notice
21/08/2019 5:14