Processos de desenvolvimento de software confiável baseados em padrões de segurança
Autor(a) principal: | |
---|---|
Data de Publicação: | 2011 |
Tipo de documento: | Dissertação |
Idioma: | por |
Título da fonte: | Repositório Institucional Manancial UFSM |
Texto Completo: | http://repositorio.ufsm.br/handle/1/5370 |
Resumo: | Organizations face a series of difficulties in answering to the demands that are projected by the norms and models of software security. The norms and models provide a set of good security practices which should followed but do not describe how these practices must be implemented. Security patterns document good security solutions which can be incorporated to the software process. However they are difficult to be incorporated in each software development phase. In way, this work proposes a methodology for the adaptation of software processes based on security requirements that are preconized by the security practices of the Systems Security Engineering Capability Maturity Model (SSE-CMM). The basis for adaptation is a process framework that is elaborated from the Rational Unified Process (RUP) and security patterns proposed on the literature. By means of this methodology, the project managers, or related roles, find support for their decisions referent to the implementation of information security. In addition, some process area2 pattern association rules have initially been proposed and inserted in the framework. Although they are only suggestions and should be adapted according to the necessity of each project. In addition they should be adjusted according to the understanding of each project engineer or manager. Finally, they should evolve to the extent that the organization learns from past projects. The methodology and the association rules are supported by a developed tool, the SMT- Tool. The aim of this tool is to help the development of the process adaptation task. |
id |
UFSM-20_929d37f0d268175aff262fa3391a94c0 |
---|---|
oai_identifier_str |
oai:repositorio.ufsm.br:1/5370 |
network_acronym_str |
UFSM-20 |
network_name_str |
Repositório Institucional Manancial UFSM |
repository_id_str |
3913 |
spelling |
2011-04-062011-04-062011-03-01WAGNER, Rosana. RELIABLE SOFTWARE DEVELOPMENT PROCESSES BASED ON SECURITY PATTERNS. 2011. 107 f. Dissertação (Mestrado em Ciência da Computação) - Universidade Federal de Santa Maria, Santa Maria, 2011.http://repositorio.ufsm.br/handle/1/5370Organizations face a series of difficulties in answering to the demands that are projected by the norms and models of software security. The norms and models provide a set of good security practices which should followed but do not describe how these practices must be implemented. Security patterns document good security solutions which can be incorporated to the software process. However they are difficult to be incorporated in each software development phase. In way, this work proposes a methodology for the adaptation of software processes based on security requirements that are preconized by the security practices of the Systems Security Engineering Capability Maturity Model (SSE-CMM). The basis for adaptation is a process framework that is elaborated from the Rational Unified Process (RUP) and security patterns proposed on the literature. By means of this methodology, the project managers, or related roles, find support for their decisions referent to the implementation of information security. In addition, some process area2 pattern association rules have initially been proposed and inserted in the framework. Although they are only suggestions and should be adapted according to the necessity of each project. In addition they should be adjusted according to the understanding of each project engineer or manager. Finally, they should evolve to the extent that the organization learns from past projects. The methodology and the association rules are supported by a developed tool, the SMT- Tool. The aim of this tool is to help the development of the process adaptation task.As organizações enfrentam uma série de dificuldades para atender às exigências previstas pelas normas e modelos de segurança de software. As normas e modelos fornecem um conjunto de boas práticas de segurança que devem ser seguidas, mas não descrevem como essas práticas devem ser implementadas. Padrões de segurança documentam boas soluções de segurança que podem ser incorporadas ao processo de software, mas são difíceis de serem incorporados em cada fase do desenvolvimento de software. Desta forma, a proposta deste trabalho propõe uma metodologia para adaptação de processos de software com base em requisitos de segurança, preconizados pelas práticas de segurança do Systems Security Engineering Capability Maturity Model (SSE-CMM). A adaptação tem como base um framework de processo elaborado a partir do Rational Unified Process (RUP) e de padrões de segurança propostos na literatura. A partir desta metodologia, os gerentes de projetos, ou papéis relacionados, encontram suporte para suas decisões referentes à implementação de segurança da informação. Ainda, algumas regras de associações de padrões às áreas de processo1, descritas pelo SSE-CMM, foram inicialmente propostas e inseridas no framework, porém, são apenas sugestões e devem ser adaptadas conforme a necessidade de cada projeto, bem como do entendimento de cada engenheiro ou gerente de projeto, e devem evoluir a medida que a organização aprenda com projetos passados. A metodologia e as regras de associações são suportadas por uma ferramenta, a SMT- Tool, desenvolvida com o objetivo de apoiar a realização da tarefa de adaptação de processos.Coordenação de Aperfeiçoamento de Pessoal de Nível Superiorapplication/pdfporUniversidade Federal de Santa MariaPrograma de Pós-Graduação em InformáticaUFSMBRCiência da ComputaçãoSegurança da informaçãoPadrões de segurançaProcessos de softwareSSE-CMMInformation securitySecurity patternsSoftware processesCNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAOProcessos de desenvolvimento de software confiável baseados em padrões de segurançaReliable software development processes based on security patternsinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisFontoura, Lisandra Manzonihttp://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4778595T5Nunes, Raul Cerettahttp://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4792667H1Silva, Luís Alvaro de Limahttp://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4728273Z9http://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4484703E4Wagner, Rosana1003000000074003003005003000e178750-1d50-4963-b11c-6e950149b15335af9cc7-fe54-478c-a78f-30527aced7db57fafaae-aad3-4366-bce3-ab3e71704ade34d7f124-0151-4dbb-8392-c5c83e0dc8f1info:eu-repo/semantics/openAccessreponame:Repositório Institucional Manancial UFSMinstname:Universidade Federal de Santa Maria (UFSM)instacron:UFSMORIGINALWAGNER, ROSANA.pdfapplication/pdf4800566http://repositorio.ufsm.br/bitstream/1/5370/1/WAGNER%2c%20ROSANA.pdffefc29228542997c3942c05b1b63f51fMD51TEXTWAGNER, ROSANA.pdf.txtWAGNER, ROSANA.pdf.txtExtracted texttext/plain168750http://repositorio.ufsm.br/bitstream/1/5370/2/WAGNER%2c%20ROSANA.pdf.txt99ba5dd42c2c96b1447bba7dc4692c7dMD52THUMBNAILWAGNER, ROSANA.pdf.jpgWAGNER, ROSANA.pdf.jpgIM Thumbnailimage/jpeg4729http://repositorio.ufsm.br/bitstream/1/5370/3/WAGNER%2c%20ROSANA.pdf.jpg0d00caa0175e78bc22b90a38c4fcd30fMD531/53702022-03-02 17:15:07.288oai:repositorio.ufsm.br:1/5370Repositório Institucionalhttp://repositorio.ufsm.br/PUBhttp://repositorio.ufsm.br/oai/requestouvidoria@ufsm.bropendoar:39132022-03-02T20:15:07Repositório Institucional Manancial UFSM - Universidade Federal de Santa Maria (UFSM)false |
dc.title.por.fl_str_mv |
Processos de desenvolvimento de software confiável baseados em padrões de segurança |
dc.title.alternative.eng.fl_str_mv |
Reliable software development processes based on security patterns |
title |
Processos de desenvolvimento de software confiável baseados em padrões de segurança |
spellingShingle |
Processos de desenvolvimento de software confiável baseados em padrões de segurança Wagner, Rosana Segurança da informação Padrões de segurança Processos de software SSE-CMM Information security Security patterns Software processes CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO |
title_short |
Processos de desenvolvimento de software confiável baseados em padrões de segurança |
title_full |
Processos de desenvolvimento de software confiável baseados em padrões de segurança |
title_fullStr |
Processos de desenvolvimento de software confiável baseados em padrões de segurança |
title_full_unstemmed |
Processos de desenvolvimento de software confiável baseados em padrões de segurança |
title_sort |
Processos de desenvolvimento de software confiável baseados em padrões de segurança |
author |
Wagner, Rosana |
author_facet |
Wagner, Rosana |
author_role |
author |
dc.contributor.advisor1.fl_str_mv |
Fontoura, Lisandra Manzoni |
dc.contributor.advisor1Lattes.fl_str_mv |
http://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4778595T5 |
dc.contributor.referee1.fl_str_mv |
Nunes, Raul Ceretta |
dc.contributor.referee1Lattes.fl_str_mv |
http://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4792667H1 |
dc.contributor.referee2.fl_str_mv |
Silva, Luís Alvaro de Lima |
dc.contributor.referee2Lattes.fl_str_mv |
http://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4728273Z9 |
dc.contributor.authorLattes.fl_str_mv |
http://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4484703E4 |
dc.contributor.author.fl_str_mv |
Wagner, Rosana |
contributor_str_mv |
Fontoura, Lisandra Manzoni Nunes, Raul Ceretta Silva, Luís Alvaro de Lima |
dc.subject.por.fl_str_mv |
Segurança da informação Padrões de segurança Processos de software SSE-CMM |
topic |
Segurança da informação Padrões de segurança Processos de software SSE-CMM Information security Security patterns Software processes CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO |
dc.subject.eng.fl_str_mv |
Information security Security patterns Software processes |
dc.subject.cnpq.fl_str_mv |
CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO |
description |
Organizations face a series of difficulties in answering to the demands that are projected by the norms and models of software security. The norms and models provide a set of good security practices which should followed but do not describe how these practices must be implemented. Security patterns document good security solutions which can be incorporated to the software process. However they are difficult to be incorporated in each software development phase. In way, this work proposes a methodology for the adaptation of software processes based on security requirements that are preconized by the security practices of the Systems Security Engineering Capability Maturity Model (SSE-CMM). The basis for adaptation is a process framework that is elaborated from the Rational Unified Process (RUP) and security patterns proposed on the literature. By means of this methodology, the project managers, or related roles, find support for their decisions referent to the implementation of information security. In addition, some process area2 pattern association rules have initially been proposed and inserted in the framework. Although they are only suggestions and should be adapted according to the necessity of each project. In addition they should be adjusted according to the understanding of each project engineer or manager. Finally, they should evolve to the extent that the organization learns from past projects. The methodology and the association rules are supported by a developed tool, the SMT- Tool. The aim of this tool is to help the development of the process adaptation task. |
publishDate |
2011 |
dc.date.accessioned.fl_str_mv |
2011-04-06 |
dc.date.available.fl_str_mv |
2011-04-06 |
dc.date.issued.fl_str_mv |
2011-03-01 |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.citation.fl_str_mv |
WAGNER, Rosana. RELIABLE SOFTWARE DEVELOPMENT PROCESSES BASED ON SECURITY PATTERNS. 2011. 107 f. Dissertação (Mestrado em Ciência da Computação) - Universidade Federal de Santa Maria, Santa Maria, 2011. |
dc.identifier.uri.fl_str_mv |
http://repositorio.ufsm.br/handle/1/5370 |
identifier_str_mv |
WAGNER, Rosana. RELIABLE SOFTWARE DEVELOPMENT PROCESSES BASED ON SECURITY PATTERNS. 2011. 107 f. Dissertação (Mestrado em Ciência da Computação) - Universidade Federal de Santa Maria, Santa Maria, 2011. |
url |
http://repositorio.ufsm.br/handle/1/5370 |
dc.language.iso.fl_str_mv |
por |
language |
por |
dc.relation.cnpq.fl_str_mv |
100300000007 |
dc.relation.confidence.fl_str_mv |
400 300 300 500 300 |
dc.relation.authority.fl_str_mv |
0e178750-1d50-4963-b11c-6e950149b153 35af9cc7-fe54-478c-a78f-30527aced7db 57fafaae-aad3-4366-bce3-ab3e71704ade 34d7f124-0151-4dbb-8392-c5c83e0dc8f1 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.publisher.none.fl_str_mv |
Universidade Federal de Santa Maria |
dc.publisher.program.fl_str_mv |
Programa de Pós-Graduação em Informática |
dc.publisher.initials.fl_str_mv |
UFSM |
dc.publisher.country.fl_str_mv |
BR |
dc.publisher.department.fl_str_mv |
Ciência da Computação |
publisher.none.fl_str_mv |
Universidade Federal de Santa Maria |
dc.source.none.fl_str_mv |
reponame:Repositório Institucional Manancial UFSM instname:Universidade Federal de Santa Maria (UFSM) instacron:UFSM |
instname_str |
Universidade Federal de Santa Maria (UFSM) |
instacron_str |
UFSM |
institution |
UFSM |
reponame_str |
Repositório Institucional Manancial UFSM |
collection |
Repositório Institucional Manancial UFSM |
bitstream.url.fl_str_mv |
http://repositorio.ufsm.br/bitstream/1/5370/1/WAGNER%2c%20ROSANA.pdf http://repositorio.ufsm.br/bitstream/1/5370/2/WAGNER%2c%20ROSANA.pdf.txt http://repositorio.ufsm.br/bitstream/1/5370/3/WAGNER%2c%20ROSANA.pdf.jpg |
bitstream.checksum.fl_str_mv |
fefc29228542997c3942c05b1b63f51f 99ba5dd42c2c96b1447bba7dc4692c7d 0d00caa0175e78bc22b90a38c4fcd30f |
bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 |
repository.name.fl_str_mv |
Repositório Institucional Manancial UFSM - Universidade Federal de Santa Maria (UFSM) |
repository.mail.fl_str_mv |
ouvidoria@ufsm.br |
_version_ |
1808854714799882240 |