The road to Hell is paved with good intentions: A story of (in)secure software development

Sammendrag

In this paper, we present the results of a security assessment performed on a home care system based on SOA, realized as web services. The security design concepts of this platform were specifically tailored to meet new security challenges and to be compliant with legal frameworks applicable to the healthcare domain. This security design was fed as input to the development team,which implemented the system. However, our assessment revealed a software platform with severe security weaknesses and vulnerabilities, demonstrating pitfalls that are, or should be, well known.Our experience re-confirms that security must be built as an intrinsic software property and emphasizes the need for security awareness throughout the whole software development lifecycle.

Les publikasjonen

Kategori

Vitenskapelig kapittel

Språk

Engelsk

Forfatter(e)

Richard Sassoon
Martin Gilje Jaatun
Jostein Jensen

Institusjon(er)

SINTEF Digital / Software Engineering, Safety and Security
Norges teknisk-naturvitenskapelige universitet

År

2010

Forlag

IEEE (Institute of Electrical and Electronics Engineers)

Bok

Proceedings of the Fifth International Conference on Avaliability, Reliability and Security: ARES 2010

ISBN

9780769539652

Side(r)

501 - 506

DOI

https://doi.org/10.1109/ares.2010.44

Les fulltekst

https://hdl.handle.net/11250/2448303

Vis denne publikasjonen hos Nasjonalt Vitenarkiv

Kontakt oss

Tjenester

Rapporter og publikasjoner

Forskningssenter og samarbeid

Karriere

Bærekraft

Institutter

Andre enheter

Ledelse og organisering

Om oss

Følg oss