Catalog Home Page

Security through design as a paradigm for systems development

Payne, Christian (1999) Security through design as a paradigm for systems development. Honours thesis, Murdoch University.

[img]
PDF - Whole Thesis
Available Upon Request

Abstract

While the importance of security has long been recognised, research efforts aimed at finding a solution have, so far, had little practical effect. Approaches utilising formal methods, theoretical security models and security evaluation criteria tend to be complex, unwieldy and often commercially unworkable in a world where software is continually being written, updated, improved and patched. The result is that few systems utilise such approaches and their effect on improving overall computer security has been minimal. As a result further work is required to find a more practical approach to understanding and improving the security of ,the computer systems that our society depends upon.

This study examined the influence that the development approach, as viewed from a "waterfall" model perspective, has upon the effective security of the final system. In conducting this, the practical security of three systems was analysed based upon a metric developed as part of the study. This metric allowed a multi-layered set of results to be produced for each system, including a final numerical estimate of effective security. A descriptive study was then made of the role that security had played in every phase of the development process for each of these systems. Information was gathered through examination of system behaviour, documentation and through interviews with developers. A comparison could then be made between the results of the security analysis and the approach taken with security.

The results of this showed that systems which considered security at every phase of the development process demonstrated markedly better degrees of security. Conclusions were also able to be drawn concerning the relative importance of each phase and the specific influences that each had Dn aspects of security. Additionally, relationships were discovered and examined between the different theoretical dimensions of security and how they apply to real-world systems.

Item Type: Thesis (Honours)
Murdoch Affiliation: School of Information Technology
Notes: Note to the author: If you would like to make your thesis openly available on Murdoch University Library's Research Repository, please contact: repository@murdoch.edu.au. Thank you.
Supervisor(s): Cole, Peter and Rai, Shri
URI: http://researchrepository.murdoch.edu.au/id/eprint/41487
Item Control Page Item Control Page