Processos de desenvolvimento de software confiável baseados em padrões de segurança

Detalhes bibliográficos
Ano de defesa: 2011
Autor(a) principal: Wagner, Rosana
Orientador(a): Não Informado pela instituição
Banca de defesa: Não Informado pela instituição
Tipo de documento: Dissertação
Tipo de acesso: Acesso aberto
Idioma: por
Instituição de defesa: Universidade Federal de Santa Maria
BR
Ciência da Computação
UFSM
Programa de Pós-Graduação em Informática
Programa de Pós-Graduação: Não Informado pela instituição
Departamento: Não Informado pela instituição
País: Não Informado pela instituição
Palavras-chave em Português:
Segurança da informação
Padrões de segurança
Processos de software
SSE-CMM
Information security
Security patterns
Software processes
CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO
Link de acesso: http://repositorio.ufsm.br/handle/1/5370
Resumo: Organizations face a series of difficulties in answering to the demands that are projected by the norms and models of software security. The norms and models provide a set of good security practices which should followed but do not describe how these practices must be implemented. Security patterns document good security solutions which can be incorporated to the software process. However they are difficult to be incorporated in each software development phase. In way, this work proposes a methodology for the adaptation of software processes based on security requirements that are preconized by the security practices of the Systems Security Engineering Capability Maturity Model (SSE-CMM). The basis for adaptation is a process framework that is elaborated from the Rational Unified Process (RUP) and security patterns proposed on the literature. By means of this methodology, the project managers, or related roles, find support for their decisions referent to the implementation of information security. In addition, some process area2 pattern association rules have initially been proposed and inserted in the framework. Although they are only suggestions and should be adapted according to the necessity of each project. In addition they should be adjusted according to the understanding of each project engineer or manager. Finally, they should evolve to the extent that the organization learns from past projects. The methodology and the association rules are supported by a developed tool, the SMT- Tool. The aim of this tool is to help the development of the process adaptation task.

Registros relacionados