INTRODUCTION
Incorporating cyber security protections into software applications during development is a complex issue. In the ever-expanding digital age, virtually every aspect of human endeavor relies on secure transactions and operations. However, consideration of cyber security issues is often inadequate, leading to problems such as financial losses, data losses, and privacy breaches. From a systems and networking view, enormous efforts have been made to develop tools to combat specific types of cyber-attacks as they appear. However, hackers tend to think differently than developers of applications and are constantly and proactively developing increasingly notorious and creative attack strategies.
Such attacks, which plant malicious pieces of code that corrupt the application, steal sensitive customer information, or introduce malware such as viruses, worms and spyware, phishing, extortion schemes, and spam, can exploit vulnerabilities introduced at any step of the development process. Software applications that are vulnerable to cyber-attacks can drive potential customers and users of the application away. To gain user trust in purposeful applications, it is important to carry out application development while carefully addressing security issues at each step. Software developers tend to focus on functional requirements, with little emphasis on non-functional requirements, such as security. In this paper we provide a survey of literature that is relevant to secure software development practices. Several security issues, concerns, challenges, and solutions at different phases of the software development life cycle, as described in the literature on cyber security, are also presented. However, the scope of this paper is limited to the Analysis, Design, Implementation, and Testing phases of the Software Development Life Cycle (SDLC).
With technology advancement and mass digitalization of user personal data, establishing user trust has become an important factor in the use of software systems. Most software systems are potentially vulnerable to attacks even if there is strict adherence to leading edge principles of encryption and decryption. Security of software systems is classified into three categories: Confidentiality, Integrity and Availability. These categories are also collectively known as the CIA triad.
Confidentiality is defined as “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…” Integrity is defined as “Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity…” Availability is defined as “Ensuring timely and reliable access to and use of information…”
Security is often intertwined with trust. In the context of software systems, trust refers to the level of confidence or reliability that a person places in a software system, including the expectations that they have for the software fulfilling its purpose.
Trust also refers to a relationship that a person forms with software applications that are online or over a network. The trust relationship is betrayed if the user’s expectations of these applications are not met. This raises questions concerning the kinds of expectations that users have of the applications and the factors that diminish trust. One factor arises from any negative risks that are associated with the usage of an application. There are traditional ways of assessing risk in cyber security. Moreover, insiders within an organization are also known to sometimes support and execute malicious attacks for which outsiders have minimal knowledge.
As described by Colwill, “A malicious insider has the potential to cause more damage to the organization and has many advantages over an outside attacker”.
Examples of autonomous systems include floor cleaning robots, agent software, military and private drones, surgery-performing robots and self-driving cars. Autonomous systems are managed and supervised independently by a single administrator, entity, or organization. Each autonomous system has a unique identifying label that can be used during data packet transfer between two systems.
Some autonomous systems can make decisions and perform tasks in unstructured environments with no need for human control or guidance.