IJASEIT

International Journal on Advanced Science, Engineering and Information Technology, Vol. 1 (2011) No. 4, pages: 413-417, Proceeding of the International Conference on Advanced Science, Engineering and Information Technology (ICASEIT 2011), Bangi, Malaysia, 14-15 January 2011, DOI:10.18517/ijaseit.1.4.84

Generalized Software Security Framework

Smriti Jain, Maya Ingle

Abstract

Security of information has become a major concern in today's digitized world. As a result, effective techniques to secure information are required. The most effective way is to incorporate security in the development process itself thereby resulting into secured product. In this paper, we propose a framework that enables security to be included in the software development process. The framework consists of three layers namely; control layer, aspect layer and development layer. The control layer illustrates the managerial control of the entire software development process with the help of governance whereas aspect layer recognizes the security mechanisms that can be incorporated during the software development to identify the various security features. The development layer helps to integrate the various security aspects as well as the controls identified in the above layers during the development process. The layers are further verified by a survey amongst the IT professionals. The professionals concluded that the developed framework is easy to use due to its layered architecture and, can be customized for various types of softwares.