Abstract | ||
---|---|---|
Security experts generally believe that, "security cannot be added on, it must be designed from the beginning" [1]. This is because the typical way of improving system security by patches is ad hoc and has not produced good results. My work shows that retrofitting security does not need to be a massive reengineering effort, nor does it need to be ad hoc. Security solutions can be added through systematic, general purpose security-oriented program transformations. I have been maintaining a catalog of security-oriented program transformations; so far the catalog contains forty two transformations. These transformations improve the traditional approaches of security engineering and keep software secure in the face of new security threats. |
Year | DOI | Keywords |
---|---|---|
2009 | 10.1145/1558607.1558622 | system security,security-oriented program transformation,general purpose,massive reengineering effort,security engineering,security expert,retrofitting security,program transformation,new security threat,security solution,security,good result,software security |
Field | DocType | Citations |
Security convergence,Security testing,Security through obscurity,Computer science,Computer security,Software security assurance,Security service,Cloud computing security,Security information and event management,Computer security model | Conference | 1 |
PageRank | References | Authors |
0.35 | 13 | 2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Munawar Hafiz | 1 | 224 | 15.40 |
Ralph E. Johnson | 2 | 1790 | 264.74 |