References
- J. Viega and G. McGraw, Building Secure Software. Addison-Wesley, 2002.
- M. Howard, "Building more secure software with improved development process," IEEE Security & Privacy, Vol.2, No.6, pp.63-65, 2004. https://doi.org/10.1109/MSP.2004.95
- N. Davis, W. Humphrey, S. R. Jr., G. Zibulski, and G. McGraw, "Processes for producing secure software," IEEE Security & Privacy, Vol.2, No.3, pp.18-25, 2004. https://doi.org/10.1109/MSP.2004.21
- J. K. R and A. Mathur, "Software engineering for secure software - state of the art: A survey," tech. rep., Purdue University, 2005.
- A. Alkussayer and W. H. Allen, "Towards secure software development: Integrating security patterns into a secure SDLC," in The 47th ACM Southeast Conference, 2009.
- A. Alkussayer and W. Allen, "The ISDF framework: Integrating security patterns and best practices," in The 3rd International Conference on Information Security and Assurance (ISA'09), 2009. https://doi.org/10.1007/978-3-642-02633-1_3
- M. Howard and S. Lipner, The Security Development Lifecycle SDL: A Process for Developing Demonstrably More Secure Software. Microsoft Press, 2006.
- G. McGraw, Software Security: Building Security In. Addison-Wesley, 2006.
- M. Howard and S. Lipner, "Inside the windows security push," IEEE Security & Privacy, Vol.1, No.1, pp.57-61, 2003. https://doi.org/10.1109/MSECP.2003.1176996
- OWASP, "Comprehensive, lightweight application security process," http://www.owasp.org, 2009.
- G. McGraw, "Software security," IEEE Security & Privacy, Vol.2, No.2, pp.80-83, 2004. https://doi.org/10.1109/MSECP.2004.1281254
- S. Simpson, "Fundamental practices for secure software development: A guide to the most effective secure development practices in use today," http://www.safecode.org, 2008.
- M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Buschmann, and P. Sommerlad, Security Patterns: Integrating Security and Systems Engineering. John Wiley & Sons, 2006.
- C. Alexander, S. Ishikawa, M. Jacobson, I. Fiksdahl-King, and S. Angel, A Pattern Language: Towns, Buildings, Construction. Oxford University Press, 1977.
- E. Gamma, R. Helm, R. Johnson, and J. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley Professional, 1995.
- J. Yoder and J. Barcalow, "Architectural patterns for enabling application security," in PLoP97 Conference, 1997.
- T. Heyman, K. Yskout, R. Scandariato, and W. Joosen, "An analysis of the security patterns landscape," in 3rd International workshop on Software Engineering for Secure Systems, 2007. https://doi.org/10.1109/SESS.2007.4
- G. H. G. McGraw, Exploiting Software: How to Break Code. Addison-Wesley, 2004.
- T. G. D. Graham, Software Inspection. Addison-Wesley, 1993.
- M. Howard and D. LeBlanc, Writing Secure Code. Microsoft Press, 2003.
- B. Potter and G. McGraw, "Software security testing," Software Development, Vol.2, No.5, pp.81-85, 2005. https://doi.org/10.1109/MSP.2004.84
- B. Chess and G. McGraw, "Static analysis for security," Software Development, Vol.2, No.6, pp.76-79, 2004. https://doi.org/10.1109/MSP.2004.111
- J. Gregoire, K. Buyens, B. Win, R. Scandariato, and W. Joosen, "On the secure software development process: CLASP and SDL compared," in Third International Workshop on Software Engineering for Secure Systems (SESS'07), 2007. https://doi.org/10.1109/SESS.2007.7
- C. Steel, R. Nagappan, and R. Lai, Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management. Prentice Hall Ptr, 2005.
- E. B. Fernandez and R. Pan, "A pattern language for security models," in PLoP 2001 Conference, 2001.
- D. Hatebur, M. Heisel, and H. Schmidt, "Security engineering using problem frames," in International Conference on Emerging Trends in Information and Communication Security (ETRICS), 2006. https://doi.org/10.1007/11766155_17
- M. A. Jackson, Problem Frames: Analysing and Structuring Software Development Problems. Addison-Wesley, 2001.
- V. Horvath and T. Dorges, "From security patterns to implementation using petri nets," in International Conference on Software Engineering, 2008. https://doi.org/10.1145/1370905.1370908
- K. Supaporn, N. Prompoon, and T. Rojkangsadan, "An approach: Constructing the grammar from security patterns," in the 4th International Joint Conference on Computer Science and Software Engineering (JCSSE2007), 2007.
- K. Yskout, T. Heyman, R. Scandariato, and W. Joosen, "An inventory of security patterns," tech. rep., Katholieke University Leuven, Department of Computer Science, 2006.
- M. Hafiz, P. Adamczyk, and R. Johnson, "Organizing security patterns," IEEE Software, Vol.24, No.4, pp.52-60, 2007. https://doi.org/10.1109/MS.2007.114
- B. Blakley, C. Heath, and M. of the Open Group Security Forum, "Security design patterns," tech. rep., Open Group, 2004.
- N. Yoshioka, H. Washizaki, and K. Maruyama, "A survey on security patterns," Progress In Informatics, No.5, pp.35-47, 2008. https://doi.org/10.2201/NiiPi.2008.5.5
- M. Andrews and J. A. Whittaker, How to Break Web Software. Addison-Wesley, 2006.
- A. Apvrille and M. Pourzandi, "Secure software development by example," IEEE Security & Privacy, Vol.3, No.4, pp.10-17, 2005. https://doi.org/10.1109/MSP.2005.103
- J. Jurjens, Secure System Development with UML. Springer, 2004.
- I. Valenzuela, "Integration ISO17799 into your software development lifecycle," (In)Secure, Vol.11, pp.29-36, 2007.
- E. B. Fernandez, "A methodology for secure software design," in International Conference on Software Engineering Research and Practice, 2004.
- E. B. Fernandez, N. Yoshioka, H. Washizaki, and J. Jurjens, "Using security patterns to build secure systems," in 1st International Workshop on Software Patterns and Quality (SPAQu'07), 2007.
- C. Haley, J. Moffett, R. Laney, and B. Nuseibeh, "A framework for security requirements engineering," in SESS'06, 2006. https://doi.org/10.1145/1137627.1137634
- G. Sindre and A. Opdahl, "Eliciting security requirements with misuse cases," Requirements Engineering, Vol.10, No.1, pp.34-44, 2005. https://doi.org/10.1007/s00766-004-0194-4
- C. Haley, R. Laney, J. Moffett, and B. Nuseibeh, "The effect of trust assumptions on the elaboration of security requirements," in Proceedings of the Requirements Engineering Conference, 12th IEEE International, 2004. https://doi.org/10.1109/ICRE.2004.1335668
- N. Mead, E. Hough, and T. Stehney, "Security quality requirements engineering (SQUARE) methodology," tech. rep., CMU/SEI-2005-TR-009, 2005.
- C. Haley, R. Laney, J. Moffett, and B. Nuseibeh, "Security requirements engineering: A framework for representation and analysis," IEEE Transactions on Software Engineering, Vol.34, No.1, pp.133-153, 2008. https://doi.org/10.1109/TSE.2007.70754
Cited by
- Securing distributed systems using patterns: A survey vol.31, pp.5, 2012, https://doi.org/10.1016/j.cose.2012.04.005
- Secure software development: a prescriptive framework vol.2011, pp.8, 2011, https://doi.org/10.1016/S1361-3723(11)70083-5
- Building Secure Software Using XP vol.2, pp.3, 2011, https://doi.org/10.4018/jsse.2011070104
- Meta-Modeling Based Secure Software Development Processes vol.5, pp.3, 2014, https://doi.org/10.4018/ijsse.2014070104