A general scheme of software development process is considered and some aspects related to integrating security into this scheme are analyzed. In particular, semantic-based, defense-in-depth techniques embedded into system/component defense shields and data acquiring/monitoring kernels are considered. The defense shields are to semantically check data of every input before a software component may process them and also to check every output before sending it to other components. The kernels are to regularly perform semantic analysis of the internal status and local data of a component/system. Based on these two ideas, real-time discovery of vulnerabilities and threats is possible even when various protective measures, such as, passwords, firewalls, intrusion detection systems, access control lists, etc. have been breached. Existing programming systems and possible new methods to realize the shields and kernels are also considered.
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
Tel.: +1 703 830 6300
Fax: +1 703 830 2300 firstname.lastname@example.org
(Corporate matters and books only) IOS Press c/o Accucoms US, Inc.
For North America Sales and Customer Service
West Point Commons
Lansdale PA 19446
Tel.: +1 866 855 8967
Fax: +1 215 660 5042 email@example.com