1/37
Assurance-Level Driven Method for Integrating Security into SDLC Process
Sooyoung Kang, Seungyeon Jeong, Seungjoo Kim
skim71@korea.ac.kr (*Corresponding Author), CIST (Center for Information Security Technologies), School of Cybersecurity, Korea University
bbang814@gmail.com, CIST (Center for Information Security Technologies), School of Cybersecurity, Korea University
sodon513@gmail.com, Department of Automotive Convergence, Korea University
2/37
1. Motivation
2. Related works
3. Security-by-Design Methodology
4. Evidence-based Approach
5. CIA-Level Driven Secure SDLC Framework
6. Case Study
7. Conclusion
3/37
1. Motivation
4/37
1. Motivation
▪ History (timeline in the figure: 1970s, 1980s, 2002, 2015, 2022)
• The US government recognized that it is not possible to improve the security of products by a penetrate-and-patch approach.
• The US government recognized that the product development process itself must be systematically and strictly managed (a.k.a. security-by-design) in order to improve the security of products.
※ Security-by-design: to reduce the complexity of the product by considering security from the initial phase of the development process, in order to achieve trustworthiness of the product
5/37
1. Motivation
▪ History (timeline in the figure: 1970s, 1980s, 2002, 2015, 2022)
• In industry, Microsoft and IBM were the first to take an interest in secure SDLC and spread it across the industry.
• The Department of Defense (DoD) demands evaluation and improvement of the cybersecurity of weapon systems based on operational requirements such as the Risk Management Framework (RMF).
• UNECE requires the application of secure SDLC to vehicles by enacting the UNECE automotive cybersecurity regulation (UNECE regulation).
※ Secure SDLC (Secure Software/System Development Life Cycle): the development process containing the security-by-design philosophy
※ UNECE (United Nations Economic Commission for Europe)
6/37
1. Motivation
▪ From the early 1970s, the U.S. government began to recognize that it was impossible to improve the security of products by penetration testing alone.
• They recognized that the development process itself should be systematically and strictly managed.
▪ From the 1980s, various standards related to the security-by-design development methodology and to evaluation and procurement systems began to be published.
▪ In 2013, RMF was released, aiming to manage the development and evaluation/procurement of military computer systems.
• According to the DoD Cyber Strategy announced in 2015, the scope of RMF was expanded from computer systems to advanced weapon systems.
▪ In 2020, the UNECE regulation was enacted, and from 2022 vehicles that do not comply with it cannot be exported to Europe.
Published standards and guidelines do not provide a detailed methodology for security-by-design, so they are very difficult to use in the actual field.
Therefore, we present a specific security-by-design methodology that security product development companies can use in the actual field, built on the Common Criteria (CC) standard.
7/37
2. Related works
8/37
2. Related works
▪ Research papers
• We analyzed 84 research papers that specified secure SDLC and analyzed 11 of them in depth.
✓ Papers published from 2000 to 2020, and only papers published in the five major digital libraries: (i) ACM, (ii) Elsevier, (iii) IEEE, (iv) Scopus, (v) Springer.
✓ Papers with 'SDL', 'SDLC', 'SSDLC', 'secure development lifecycle' or 'secure SDLC' as a keyword and with integration ('integrating', 'mapping') as their subject.
✓ Papers whose subject is the entire process ('Process', 'Lifecycle'), some phases ('Requirements Analysis') or some activities ('Fuzz Test').
No. | Year | Phase | Integration target
1 | 2002 | Entire process | SDLC + Security engineering
2 | 2007 | Requirements analysis | Common Criteria + requirement engineering
3 | 2007 | Design | SDLC + security design standard
4 | 2012 | Entire process | IT service lifecycle + ISMS
5 | 2013 | Entire process | Common Criteria + ISMS
6 | 2015 | Requirements analysis/Design | Security + Safety
7 | 2015 | Entire process | Process evaluation standard + security management guideline
8 | 2017 | Requirements analysis/Design/Implementation | SDLC + Security
9 | 2017 | Entire process | Secure SDLC + SDLC of small-size organization
10 | 2018 | Verification | Secure SDLC + Vulnerability analysis
11 | 2020 | Design | Secure SDLC + Risk management
9/37
2. Related works
▪ Research papers (examples)
• Setting Expectations for CC in the Software Development Lifecycle (ICCC, 2008)
✓ This research performed a mapping between SDLC and CC but does not present specific SDLC activities.
• Verification of IVI Over-The-Air using UML/OCL (ICCC, 2019)
✓ This research mentions secure SDLC but covers only the requirements analysis and design phases.
10/37
2. Related works
▪ Patents
• We analyzed 7 patents related to secure SDLC.
✓ Patents applied for from 2010 to 2020.
✓ Patents with 'SDL', 'SDLC', 'SSDLC', 'secure development lifecycle' or 'secure SDLC' as a keyword and whose subject is the entire process ('Process', 'Lifecycle'), some phases ('Requirements Analysis') or some activities ('Fuzz Test').
No. | Year | Phase | Description
1 | 2012 | Requirements analysis/Design | Threat modeling method and tool
2 | 2012 | Implementation | Development automation solution
3 | 2013 | Entire process | Risk-based secure SDLC
4 | 2018 | Entire process | SDLC of SIM
5 | 2018 | Requirements analysis/Design | Access control solution of security device
6 | 2019 | Operation | Solution for risk identification
7 | 2020 | Entire process | Solution for account and authority management
It was confirmed that only some phases were covered (such as the requirements analysis or design phase) or that the integrated security activities were not specific.
11/37
3. Security-by-Design Methodology
12/37
3. Security-by-Design Methodology
▪ Well-known secure SDLC standards and guidelines have been extended and utilized in various fields since 2004.
Fields shown in the figure: security systems, advanced weapon systems, vehicles, and industry-wide.
• MS SDL: secure SDLC developed by Microsoft and applied directly to operating system and database products
• RMF: secure SDLC that combines security and risk management concepts as a prerequisite to comply with FISMA (Federal Information Security Management Act)
• NIST SSDLC: secure SDLC for software and hardware developed by NIST
• SAE J3061: secure SDLC guideline suggesting ways to ensure the security of automotive development
• CSA SDF: secure SDLC established by the Singapore government
• Industry-wide:
✓ McGraw Touchpoints: secure SDLC containing only the 7 most important items to minimize the burden of the development process
✓ SAFECode: secure SDLC presented based on best practices of enterprise security development
✓ OWASP CLASP: secure SDLC to strengthen security in the early phases, with 5 views and 24 activities
✓ OWASP SAMM: security development maturity model developed by OWASP
✓ CIGITAL BSIMM: security development maturity model performed by CIGITAL
13/37
3. Security-by-Design Methodology
▪ Well-known secure SDLC standards and guidelines have been extended and utilized in various fields since 2004.
Timeline labels in the figure: MS SDL (2004~), McGraw Touchpoints (2004~2006), OWASP CLASP (2006~2016), SAFECode (2008~), NIST SSDLC (2008~2019), BSIMM (2009~), OWASP SAMM (2009~2017), NIST RMF (2013~), SAE J3061 (2016~), CSA SDF (2017~)
Timeline bars in the figure: Touchpoints – CLASP – SAMM – BSIMM (2004 ~ current); MS SDL (2004 ~ current); NIST SSDLC (2008 ~ current); SAFECode (2008 ~ current); RMF (2013 ~ current); SAE J3061 (2016 ~ current); CSA SDF (2017 ~ current)
14/37
4. Evidence-based Approach
15/37
4. Evidence-based Approach
▪ Advantages of the evidence-based approach
• Since secure SDLC standards and guidelines only present an abstract list of security activities, it is difficult for development companies to use them in the actual field.
• Evidence-based approaches such as CC, ISMS, and PIMS define detailed security activities.
• In particular, CC is suitable for specifying a secure SDLC because its requirements for outputs (evidence) are specified in detail.
▪ Representative evidence-based approaches
• CC (Common Criteria) - ISO/IEC 15408
✓ Criteria for evaluating the security and reliability of IT systems
• ISMS (Information Security Management System) - ISO/IEC 27001
✓ Criteria for evaluating an enterprise's information protection management system to ensure confidentiality, availability, and integrity
• PIMS (Privacy Information Management System) - ISO/IEC 27701
✓ Criteria for evaluating the personal information protection management system that protects personal information held by companies
16/37
4. Evidence-based Approach
▪ CC (Common Criteria) - ISO/IEC 15408
• We utilized a total of 63 assurance requirement components from CC Part 3 and the CEM.
Category | Families | Num
1. Security Target (ASE) | ASE_CCL, ASE_ECD, ASE_INT, ASE_OBJ, ASE_REQ, ASE_SPD, ASE_TSS | 10
2. Development (ADV) | ADV_ARC, ADV_FSP, ADV_IMP, ADV_INT, ADV_SPM, ADV_TDS | 19
3. Guidance (AGD) | AGD_PRE, AGD_OPE | 2
4. Life cycle support (ALC) | ALC_CMC, ALC_CMS, ALC_DEL, ALC_DVS, ALC_FLR, ALC_LCD, ALC_TAT | 18
5. Test (ATE) | ATE_COV, ATE_DPT, ATE_FUN, ATE_IND | 9
6. Vulnerability assessment (AVA) | AVA_VAN | 5
Total: 63 assurance requirement components (ISO/IEC 15408 - CC)
17/37
4. Evidence-based Approach
▪ ISMS (Information Security Management System) - ISO/IEC 27001
• We utilized a total of 104 detailed evaluation items of ISMS.
Category | Num
1. Security policy | 6
2. Organization of information security | 4
3. Outsider security | 3
4. Information asset classification | 3
5. Security training | 4
6. Human resource security | 5
7. Physical security | 9
8. System development security | 10
9. Encryption control | 2
10. Access control | 14
11. Operation security | 22
12. Information security incident management | 7
13. IT incident recovery | 3
14. Information security management | 12
Total: 104 detailed check items (ISO 27001 - ISMS)
18/37
4. Evidence-based Approach
▪ PIMS (Privacy Information Management System) - ISO/IEC 27701
• We utilized a total of 54 detailed evaluation items of PIMS.
Category | Num
1. PIMS of the target organization | 8
2. PIMS of the target system | 6
3. Step-by-step protection method of the privacy | 12
4. Technical protection method of the target system | 19
5. Privacy protection when using specific IT technology | 9
Total: 54 detailed assessment items (ISO/IEC 27701 - PIMS)
Detailed security activities were derived by combining a total of 221 detailed assessment items from CC (63), ISMS (104), and PIMS (54).
19/37
5. CIA-Level Driven
Secure SDLC Framework
20/37
5. CIA-Level Driven Secure SDLC Framework
▪ Security-by-Design
• To reduce the complexity of a product by considering security from the early phases of development (such as requirements analysis or design) and consequently to achieve the product's trustworthiness.
• Trustworthiness means achieving all aspects of the correctness, safety, and security of the product's functions.
▪ CIA
• Trustworthiness, which is the goal of security-by-design, can be named after CIA.
[Figure: labels Functional Correctness, Safety, Integrity, Security and Assurance combined (+ +) into the CIA-Level Driven Secure SDLC Framework]
21/37
5. CIA-Level Driven Secure SDLC Framework
▪ CIA-Level Driven Secure SDLC Framework (CIA-Level Framework)
• Security-by-design methodology integrating secure SDLCs and evidence-based approaches
• It combines 10 types of secure SDLCs and 3 types of evidence-based approaches.
• It specializes the secure SDLC to derive related processes, security activities, detailed security activities, and evidence templates.
※ Evidence-based standards: standards that provide a concrete way of performing a process by presenting detailed requirements (such as evidences, detailed activities, etc.) for each activity of the development process
※ CC (Common Criteria, ISO 15408)
※ PIMS (Privacy Information Management System, ISO 27701)
※ ISMS (Information Security Management System, ISO 27001)
※ FSMS (Functional Safety Management System, ISO 26262)
Inputs shown in the figure:
• Secure SDLC: Microsoft SDL, NIST SSDLC, CSA SDF, SAFECode, McGraw Touchpoints, OWASP CLASP, Cigital BSIMM, OWASP SAMM, NIST RMF, SAE J3061
• Evidence-based security approach: CC, PIMS, ISMS, FSMS
Output of the CIA-Level Driven Secure SDLC Framework: customized secure SDLC process, activities, and evidence templates
22/37
5. CIA-Level Driven Secure SDLC Framework
▪ CIA-Level Framework
• It quantitatively analyzes the difference in the level of the secure SDLC process between an enterprise and its competitors.
• It is useful when the enterprise wants to build a secure SDLC in the actual field, since it easily derives the requirements (security activities, detailed security activities, and evidence templates) for building a secure SDLC at the desired level.
Framework modules shown in the figure: 1. Activity-Evidence Mapper; 3. CIA-Level Extractor; 4. Customized Secure SDLC Constructor
Inputs: Standards, Laws, Rules, and Regulations; Target Market
Output: Customized Secure SDLC Process, Activities, Detailed Activities, Evidence Templates
• Standards, Laws, Rules, and Regulations: Common Criteria, ISMS, PIMS, etc.
• Activity-Evidence Mapper: maps secure SDLC activities and evidences by CIA-Level
23/37
5. CIA-Level Driven Secure SDLC Framework
▪ Module that maps secure SDLCs and evidence-based approaches
• It maps 10 types of secure SDLC standards and guidelines that are widely used in each field.
✓ It compares and analyzes those secure SDLCs and generalizes them into 10 phases.
✓ It derives 66 security activities by summing up all the security activities that need to be performed in each phase and removing redundant security activities.
Activity-Evidence Mapper (figure): input is Standards, Laws, Rules, and Regulations (CC and CEM; ISMS, PIMS, etc.); output is the integrated secure SDLC process with detailed activities and evidence templates.
1. Analyze and normalize all the activities of each phase of every standard
2. Integrate them into one single secure SDLC
3. Map the secure SDLC and the SAR components of CC to the normalized activities
4. Define detailed activities and build a template for each normalized activity
5. Supplement the unmapped activities with other standards
※ SAR (Security Assurance Requirements), CEM (Common Evaluation Methodology)
24/37
5. CIA-Level Driven Secure SDLC Framework
▪ Integrated Secure SDLC - Security activities
• The CIA-Level Framework consists of a total of 66 activities for 10 phases and 28 evidence templates.
Activities per phase (figure): 3, 9, 9, 3, 12, 3, 8, 7, 7, 5
1. Security Training (3)
✓ 1.1 Basic security training
✓ 1.2 Advanced security training
✓ 1.3 Plan training schedules
2. Initiation (9)
✓ 2.1 Project categorization
✓ 2.2 Role identification
✓ 2.3 Project tools selection
✓ 2.4 Security requirements source identification
✓ 2.5 Minimum quality level definition
✓ 2.6 Prepare compensation system for handling security issues
✓ 2.7 Plan project schedule
✓ 2.8 Security goals setting by field
✓ 2.9 Verifying consistency & completeness of goals
3. Requirements analysis (9)
✓ 3.1 Estimating scope of project security analysis
✓ 3.2 Impact assessment for privacy
✓ 3.3 Impact assessment for business
✓ 3.4 Impact assessment for safety
✓ 3.5 Existing software assessment
✓ 3.6 Functional requirements elicitation
✓ 3.7 Security requirements elicitation
✓ 3.8 Conformity & conflict check on requirements by field
✓ 3.9 Verifying requirements based on security goals
4. Acquisition (3)
✓ 4.1 Plan third-party components acquisition
✓ 4.2 Requirements definition for third-party components
✓ 4.3 Assessment & test for third-party components
5. Design (12)
✓ 5.1 Functions & design specification
✓ 5.2 Compliance with design best practices and principles
✓ 5.3 Structural design for the integration process
✓ 5.4 Asset identification
✓ 5.5 Create data flow diagram
✓ 5.6 Threat elicitation
✓ 5.7 Attack library collection
✓ 5.8 Risk analysis by field
✓ 5.9 Mitigation elicitation by field
✓ 5.10 Privacy analysis
✓ 5.11 Use case and misuse case identification
✓ 5.12 Verifying design based on requirements
6. Implementation (3)
✓ 6.1 Compliance with secure coding guidelines
✓ 6.2 Creation of deployment guide document and tools
✓ 6.3 Implementation verification according to design
7. Verification (8; the labels extracted from the figure repeat the release-phase labels)
✓ 7.1 Final security review
✓ 7.2 Final privacy review
✓ 7.3 Requirements elicitation for production
✓ 7.4 Production procedure determination
✓ 7.5 Verification of production
✓ 7.6 Accident response planning
✓ 7.7 Security review for deployment procedure
✓ 7.8 Security review for deployment procedure
8. Production & Release (7)
✓ 8.1 Final security review
✓ 8.2 Final privacy review
✓ 8.3 Requirements elicitation for production
✓ 8.4 Production procedure determination
✓ 8.5 Verification of production
✓ 8.6 Accident response planning
✓ 8.7 Security review for deployment procedure
9. Operation (7)
✓ 9.1 Monitoring planning
✓ 9.2 Continuous monitoring
✓ 9.3 Vulnerability report
✓ 9.4 Vulnerabilities assessment
✓ 9.5 Solution establishment
✓ 9.6 Vulnerability disclosure & patch/update
✓ 9.7 Configuration management after release
10. Disposal (5)
✓ 10.1 Transfer & disposal procedure planning
✓ 10.2 Important information disposal
✓ 10.3 Media erase
✓ 10.4 Hardware and software disposal
✓ 10.5 System shutdown
25/37
5. CIA-Level Driven Secure SDLC Framework
▪ Integrated Secure SDLC - Evidence templates
• The CIA-Level Framework consists of a total of 66 activities for 10 phases and 28 evidence templates.
Phase | Evidence | Num.
1 Security Training | Security training plan; Training attendee list | 2
2 Initiation | Current process analysis; Current system analysis; Project plan; Software Requirements Specification | 4
3 Requirements Analysis | Impact assessment; Interface definition | 2
4 Acquisition | Acquisition confirmation document | 1
5 Design | Software design specification; Software architecture design and system architecture design specification; Integrated test plan and integrated test scenario | 3
6 Implementation | Source code; Unit test plan and test scenario; Unit test results | 3
7 Verification | Integrated/system/acquisition test plan and test scenario; Integrated/system/acquisition test results; Vulnerability analysis | 3
8 Production & Release | Rehearsal plan and rehearsal result; Release request; Emergency incident response plan; Emergency accident response result | 4
9 Operation | Preparation result; Operator instructions; User guide; Vulnerability response plan; Vulnerability patch result | 5
10 Disposal | System execution plan and system execution result | 1
26/37
5. CIA-Level Driven Secure SDLC Framework
▪ Integrated Secure SDLC - Security activities and evidence templates
• The CIA-Level Framework consists of a total of 66 activities for 10 phases and 28 evidence templates.
Phase | Description (number of activities) | Evidence template (number of templates)
1. Security Training | Basic and advanced training on security/privacy (3) | Security training plan / Training attendee list (2)
2. Initiation | Project categorization and security planning (9) | Project plan (4)
3. Requirements Analysis | Security/privacy impact assessment and security requirements elicitation (9) | Security requirements (2)
4. Acquisition | Acquisition plan establishment and verification of third-party components (3) | Acquisition confirmation document (1)
5. Design | Threat modeling and security architecture design/verification (12) | Security architecture (3)
6. Implementation | System implementation and static analysis (3) | Source code (3)
7. Verification | Static/dynamic analysis and penetration test (8) | Test results / Vulnerability analysis (3)
8. Release | Final security/privacy review and deployment (7) | Final security review (4)
9. Operation | Continuous monitoring and security patch (7) | Vulnerability patch results (5)
10. Disposal | Hardware and software disposal (5) | System execution results (1)
27/37
5. CIA-Level Driven Secure SDLC Framework
▪ Database that stores the mapping results and related details of the Activity-Evidence Mapper
• The database consists of a 4-table scheme.
✓ Table of the 10 generalized secure SDLC phases
✓ Table of the 66 security activities that must be performed at each phase
✓ Table of detailed security activity lists and descriptions
✓ Table of document templates that need to be produced
Database scheme (figure): for the integrated secure SDLC, each phase is linked to its activities, detailed activities, and evidence document templates, and each row is mapped to its sources in CC (SAR & CEM), ISMS, and PIMS (placeholder cells AAA, BBB, CCC, DDD in the figure).
28/37
5. CIA-Level Driven Secure SDLC Framework
▪ CIA-Level Extractor: module that extracts the CIA-Level of a company's secure SDLC
• It quantitatively analyzes the security activities of the secure SDLC and calculates the CIA-Level.
✓ CIA-Level: indicator of trustworthiness composed of Level 1 to Level 7
✓ A higher level means that the secure SDLC is more systematically and strictly managed.
▪ GAP Analyzer: module that analyzes the gap in secure SDLC level between the company and its competitors
CIA-Level Extractor & GAP Analyzer (figure): inputs are the database scheme (integrated secure SDLC phases, activities, detailed activities, and evidence document templates mapped to CC (SAR & CEM), ISMS, and PIMS) and the company's secure SDLC process, activities, detailed activities, evidences, tools, etc.
1. Predict the competitor's secure SDLC process, activities, detailed activities, etc.
2. Analyze the differences in each activity between the company and its competitors
3. Produce the gap analysis report against the average CIA-Level of the competitors' flagship products
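The per-activity comparison the GAP Analyzer performs, as an added example that is not code from the paper or the framework. It assumes each selected activity has been assessed a CIA-Level from 1 to 7 on both sides; the activity ids follow the integrated secure SDLC, while the assessed levels for "company A" and its competitor are constructed sample data, not the case study's figures.

```python
from dataclasses import dataclass
from statistics import mean

CIA_LEVEL_MIN, CIA_LEVEL_MAX = 1, 7  # CIA-Level runs from Level 1 to Level 7


@dataclass(frozen=True)
class ActivityLevel:
    """CIA-Level assessed for one activity of the integrated secure SDLC."""
    phase: str      # one of the 10 generalized phases, e.g. "5. Design"
    activity: str   # activity id from the integrated secure SDLC, e.g. "5.6"
    level: int      # 1 (least strictly managed) .. 7 (most strictly managed)

    def __post_init__(self) -> None:
        if not CIA_LEVEL_MIN <= self.level <= CIA_LEVEL_MAX:
            raise ValueError(f"CIA-Level must be 1..7, got {self.level}")


def average_cia_level(levels) -> float:
    """Average CIA-Level over assessed activities (case-study steps 3 and 5)."""
    values = [a.level for a in levels]
    return round(mean(values), 2) if values else 0.0


def gap_analysis(company, competitor) -> dict:
    """Compare company and competitor activity by activity (step 6).

    Only activities assessed on both sides are compared: step 4 of the case
    study first selects the phases and activities relevant to the company.
    A positive gap means the company is behind the competitor.
    """
    comp = {a.activity: a.level for a in competitor}
    rows = []
    for a in company:
        if a.activity not in comp:
            continue  # not assessed for the competitor: not comparable
        rows.append({"phase": a.phase, "activity": a.activity,
                     "company": a.level, "competitor": comp[a.activity],
                     "gap": comp[a.activity] - a.level})
    gaps_by_phase = {}
    for r in rows:
        gaps_by_phase.setdefault(r["phase"], []).append(r["gap"])
    compared_ids = {r["activity"] for r in rows}
    return {
        "rows": rows,
        "compared": len(rows),
        "same_level": sum(1 for r in rows if r["gap"] == 0),
        "behind": sum(1 for r in rows if r["gap"] > 0),
        "ahead": sum(1 for r in rows if r["gap"] < 0),
        "company_avg": average_cia_level(
            [a for a in company if a.activity in compared_ids]),
        "competitor_avg": average_cia_level(
            [a for a in competitor if a.activity in compared_ids]),
        "phase_avg_gap": {p: round(mean(g), 2) for p, g in gaps_by_phase.items()},
    }


def worst_phases(report: dict) -> list:
    """Phases ordered by average gap, largest first: where to invest first."""
    return sorted(report["phase_avg_gap"],
                  key=lambda p: report["phase_avg_gap"][p], reverse=True)


def format_report(report: dict) -> str:
    """Plain-text gap analysis report (step 7)."""
    lines = [f"{'activity':<10}{'company':>8}{'competitor':>12}{'gap':>5}"]
    for r in report["rows"]:
        lines.append(f"{r['activity']:<10}{r['company']:>8}"
                     f"{r['competitor']:>12}{r['gap']:>5}")
    lines.append(f"compared={report['compared']} same_level={report['same_level']} "
                 f"behind={report['behind']} ahead={report['ahead']}")
    lines.append(f"avg CIA-Level: company={report['company_avg']} "
                 f"competitor={report['competitor_avg']}")
    return "\n".join(lines)


# Constructed sample assessment (not the case study's real data): a subset of
# activities for "company A" and its competitor, assessed on the same scale.
COMPANY_A = [
    ActivityLevel("1. Security Training", "1.1", 4),
    ActivityLevel("1. Security Training", "1.2", 2),
    ActivityLevel("4. Acquisition", "4.1", 1),   # competitor not assessed here
    ActivityLevel("5. Design", "5.5", 2),
    ActivityLevel("5. Design", "5.6", 1),
    ActivityLevel("5. Design", "5.8", 3),
    ActivityLevel("7. Verification", "7.1", 2),
]
COMPETITOR = [
    ActivityLevel("1. Security Training", "1.1", 4),
    ActivityLevel("1. Security Training", "1.2", 4),
    ActivityLevel("5. Design", "5.5", 4),
    ActivityLevel("5. Design", "5.6", 4),
    ActivityLevel("5. Design", "5.8", 3),
    ActivityLevel("7. Verification", "7.1", 5),
]

if __name__ == "__main__":
    print(format_report(gap_analysis(COMPANY_A, COMPETITOR)))
```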
29/37
5. CIA-Level Driven Secure SDLC Framework
▪ Module that provides detailed information on the level desired by the company
• It provides the secure SDLC process, security activities, detailed security activities, and evidence templates.
✓ It quantitatively analyzes only the relevant security activities out of the total of 66, considering the business sector and characteristics of the company.
✓ It ensures traceability of the entire secure SDLC by easily deriving the documents that need to be produced.
Customized Secure SDLC Constructor (figure): input is the CIA-Level database; output is the customized secure SDLC process, activities, detailed activities, and evidence templates.
1. Select the phases according to the characteristics of the company's products
2. Choose the detailed activities and the evidence templates according to the CIA-Level
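The two constructor steps run over the 4-table database scheme described earlier, as an added example that is not the framework's own code. Phase and activity names come from the integrated secure SDLC on the previous slides; the column names, the `min_level` threshold (a detailed activity or template is required from that CIA-Level upward), the sample detailed activities and their CC/ISMS source tags are all constructed assumptions for the example.

```python
import sqlite3

# Assumed layout of the framework's 4-table scheme: phase -> activity ->
# detailed_activity, plus evidence_template per phase. 'min_level' is the
# assumed threshold: the row is required from that CIA-Level (1..7) upward.
SCHEMA = """
CREATE TABLE phase (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE activity (
    id TEXT PRIMARY KEY, phase_id INTEGER NOT NULL REFERENCES phase(id),
    name TEXT NOT NULL);
CREATE TABLE detailed_activity (
    id INTEGER PRIMARY KEY, activity_id TEXT NOT NULL REFERENCES activity(id),
    description TEXT NOT NULL, source TEXT NOT NULL, min_level INTEGER NOT NULL);
CREATE TABLE evidence_template (
    id INTEGER PRIMARY KEY, phase_id INTEGER NOT NULL REFERENCES phase(id),
    name TEXT NOT NULL, min_level INTEGER NOT NULL);
"""

# Constructed sample rows: a handful of the 10 phases / 66 activities / 28
# templates. Source tags and levels are illustrative, not the paper's mapping.
SAMPLE_ROWS = {
    "phase": [(1, "Security Training"), (4, "Acquisition"), (5, "Design"),
              (6, "Implementation"), (10, "Disposal")],
    "activity": [
        ("1.1", 1, "Basic security training"),
        ("4.1", 4, "Plan third-party components acquisition"),
        ("5.5", 5, "Create data flow diagram"),
        ("5.6", 5, "Threat elicitation"),
        ("6.1", 6, "Compliance with secure coding guidelines"),
        ("10.3", 10, "Media erase"),
    ],
    "detailed_activity": [
        (1, "1.1", "Basic security awareness training for all members", "ISMS 5. Security training", 1),
        (2, "5.5", "Draw a DFD of external entities, processes and stores", "CC ADV_ARC", 2),
        (3, "5.5", "Mark trust boundaries and classify every data flow", "CC ADV_ARC", 4),
        (4, "5.6", "Enumerate threats for each DFD element", "CC AVA_VAN", 3),
        (5, "5.6", "Rate each threat and record accepted residual risk", "CC AVA_VAN", 5),
        (6, "6.1", "Run static analysis with the secure coding rule set", "ISMS 8. System development security", 2),
        (7, "6.1", "Review each finding and justify every suppression", "CC ADV_IMP", 4),
        (8, "4.1", "List third-party components and delivery channels", "CC ALC_CMS", 2),
        (9, "10.3", "Erase storage media before hardware disposal", "ISMS 7. Physical security", 1),
    ],
    "evidence_template": [
        (1, 1, "Security training plan", 1),
        (2, 1, "Training attendee list", 2),
        (3, 5, "Software design specification", 1),
        (4, 5, "Software architecture and system architecture design specification", 3),
        (5, 6, "Source code", 1),
        (6, 6, "Unit test results", 3),
        (7, 4, "Acquisition confirmation document", 2),
        (8, 10, "System execution plan and system execution result", 1),
    ],
}


def build_db() -> sqlite3.Connection:
    """Create the in-memory CIA-Level database and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in SAMPLE_ROWS.items():
        marks = ", ".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    conn.commit()
    return conn


def construct_secure_sdlc(conn, selected_phases, target_level) -> dict:
    """Customized Secure SDLC Constructor.

    Step 1: keep only the phases chosen for the product (a company with no
    third-party components and no disposal process drops phases 4 and 10).
    Step 2: keep the detailed activities and evidence templates required up
    to the target CIA-Level. Every detailed activity carries its source
    clause, which is what makes the resulting process traceable.
    """
    if not 1 <= target_level <= 7:
        raise ValueError(f"CIA-Level must be 1..7, got {target_level}")
    if not selected_phases:
        raise ValueError("at least one phase must be selected")
    phases = tuple(selected_phases)
    marks = ", ".join("?" * len(phases))
    activities = conn.execute(
        f"SELECT a.id, p.name, a.name FROM activity a JOIN phase p ON p.id = a.phase_id "
        f"WHERE a.phase_id IN ({marks}) ORDER BY p.id, a.id", phases).fetchall()
    detailed = conn.execute(
        f"SELECT d.activity_id, d.description, d.source, d.min_level "
        f"FROM detailed_activity d JOIN activity a ON a.id = d.activity_id "
        f"WHERE a.phase_id IN ({marks}) AND d.min_level <= ? "
        f"ORDER BY a.phase_id, d.activity_id, d.id", phases + (target_level,)).fetchall()
    templates = conn.execute(
        f"SELECT e.phase_id, e.name, e.min_level FROM evidence_template e "
        f"WHERE e.phase_id IN ({marks}) AND e.min_level <= ? ORDER BY e.phase_id, e.id",
        phases + (target_level,)).fetchall()
    return {"target_level": target_level, "activities": activities,
            "detailed_activities": detailed, "evidence_templates": templates}
```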
30/37
6. Case Study
31/37
6. Case Study
▪ To prove the effectiveness of the CIA-Level Framework, we applied it to a representative software development company (A) in Korea.
▪ We selected competitors of company A and performed the following process.
• After selecting Microsoft as the competitor, we selected CIA-Level 4 based on its CC certification cases.
1. Identify the characteristics of the enterprise
2. Select competitors based on the result of #1
3. Derive the average CIA-Level of the competitors
4. Select the phases and security activities associated with the enterprise
5. Derive the CIA-Level for each enterprise security activity
6. Analyze the secure SDLC level gap between competitor and enterprise
7. Elicit the gap analysis report and result graph
8. Share the analysis results with security managers
9. Select the CIA-Level that the enterprise wants
10. Provide a suitable secure SDLC process, security activities, detailed security activities, artifacts, etc.
Microsoft CC certification cases:
Product name | EAL | Year
DB: Microsoft SQL Server 2014 | EAL2+ | 2015
DB: Microsoft SQL Server 2014 | EAL4+ | 2015
DB: Microsoft SQL Server 2016 | EAL4+ | 2017
DB: Microsoft SQL Server 2016 Database Engine Enterprise Edition | EAL2+ | 2017
DB: Microsoft SQL Server 2017 | EAL4+ | 2020
OS: Microsoft Windows 10 | EAL1 | 2016
OS: Windows 10 Anniversary Update and Microsoft Windows Server 2016 | EAL1 | 2017
OS: Microsoft Windows 10 | EAL1 | 2018
OS: Windows 10 and Windows Server | EAL1 | 2018
OS: Windows 10 and Windows Server | EAL1 | 2019
OS: Windows 10 and Windows Server 2019 version 1809 | EAL1 | 2019
OS: Windows 10 and Server version 1903 | EAL1 | 2019
32/37
6. Case Study
▪ We selected 8 of the 10 phases: security training, initiation, requirements analysis, design, implementation, verification, release, and operation.
• Out of the 66 security activities, 58 were selected, and company A determined that only 6 of these 58 security activities were at the same level as Microsoft.
▪ We suggested a secure SDLC suitable for company A by applying the CIA-Level Framework.
• Afterward, the effectiveness of the framework was proved as company A applied the improved process to its actual environment.
[Figure: level (0 to 7) of each of the 58 selected activities for Company A versus Microsoft, grouped by phase: Security Training, Initiation, Requirements Analysis, Design, Implementation, Verification, Release, Operation]
33/37
7. Conclusion
34/37
7. Conclusion
▪ Since the 1980s, the US government has recognized that the
development process must be systematically and strictly managed
to improve security.
▪ Afterward, secure SDLCs applying the security-by-design philosophy began to be used.
• However, they are difficult to use in the actual field because they are too general.
▪ In this study, we proposed a CIA-Level Framework that derives
detailed secure SDLC by integrating existing secure SDLCs and
evidence-based approaches.
▪ By applying CIA-Level Framework to a representative software
development company, the effectiveness of CIA-Level Framework
was verified.
35/37
Reference
1. Abdo, H., et al. "A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie–combining new version of attack tree with bowtie analysis."
Computers & Security 72 (2018): 175-195.
2. Apvrille, Ludovic, and Letitia W. Li. "Harmonizing safety, security and performance requirements in embedded systems." 2019 Design, Automation & Test in Europe
Conference & Exhibition (DATE). IEEE, 2019.
3. Asplund, Fredrik, et al. "Rapid Integration of CPS Security and Safety." IEEE Embedded Systems Letters 11.4 (2018): 111-114.
4. Bhalla, Nishchal, et al. "Security risk identification in a secure software lifecycle." U.S. Patent Application No.15784072. 2019
5. Bramberger, Robert, et al. "Co-engineering of Safety and Security Life Cycles for Engineering of Automotive Systems." ACM SIGAda Ada Letters 39.2 (2020): 41-48.
6. Brunner, Michael, et al. "Towards an integrated model for safety and security requirements of cyber-physical systems." 2017 IEEE International Conference on Software
Quality, Reliability and Security Companion (QRS-C). IEEE, 2017.
7. Casola, Valentina, et al. "A novel Security-by-Design methodology: Modeling and assessing security by SLAs with a quantitative approach." Journal of Systems and
Software 163 (2020): 110537.
8. Chen, Earl, et al. "Designing security into software during the development lifecycle." U.S. Patent Application No. 13619581. 2013.
9. Chowdhury, Thomas, et al. "Safe and secure automotive over-the-air updates." International Conference on Computer Safety, Reliability, and Security. Springer, Cham,
2018.
10. Cigital, "Building Security in Maturity Model 1.0."
11. CSA, “Security by Design Framework version 1.0”. 2017
12. Dobaj, Jürgen, et al. "Towards Integrated Quantitative Security and Safety Risk Assessment." International Conference on Computer Safety, Reliability, and Security.
Springer, Cham, 2019.
13. Fowler, Daniel S., et al. "A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example." 2019 IEEE 19th International Conference on
Software Quality, Reliability and Security Companion (QRS-C). IEEE, 2019.
14. Futcher, Lynn, and Rossouw von Solms. "SecSDM: a model for integrating security into the software development life cycle." IFIP World Conference on Information
Security Education. Springer, New York, NY, 2007.
15. Geismann, Johannes, Christopher Gerking, and Eric Bodden. "Towards ensuring security by design in cyber-physical systems engineering processes." Proceedings of
the 2018 International Conference on Software and System Process. 2018.
16. Huang, Kaixing, et al. "Assessing the physical impact of cyberattacks on industrial cyber-physical systems." IEEE Transactions on Industrial Electronics 65.10 (2018):
8153-8162.
17. ISO/IEC 15408, "Information technology - Security techniques - Evaluation criteria for IT security(CC)."
18. ISO/IEC 27001, "Information Security Management(ISMS)."
19. ISO/IEC 27701, "Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management (PIMS).“
20. Koschuch, Manuel, et al. "Safety & Security in the Context of Autonomous Driving." 2019 IEEE International Conference on Connected Vehicles and Expo (ICCVE). IEEE,
2019.
21. Kriaa, Siwar, et al. "A survey of approaches combining safety and security for industrial control systems." Reliability engineering & system safety 139 (2015): 156-178.
22. Kriaa, Siwar, et al. "A survey of approaches combining safety and security for industrial control systems." Reliability engineering & system safety 139 (2015): 156-178.
23. Lee, Younghwa, Jintae Lee, and Zoonky Lee. "Integrating software lifecycle process standards with security engineering." Computers & Security 21.4 (2002): 345-355.
24. Lisova, Elena, Irfan Šljivo, and Aida Čaušević. "Safety and security co-analyses: A systematic literature review." IEEE Systems Journal 13.3 (2018): 2189-2200.
25. Mellado, Daniel, Eduardo Fernández –Medina, and Mario Piattini. " A common criteria based security requirements engineering process for the development of secure
information systems." Computer standards & interfaces 29.2 (2007): 244-253.
26. Mesquida, Antoni Lluís, and Antonia Mas. "Implementing information security best practices on software lifecycle processes: The ISO/IEC 15504 Security Extension."
Computers & Security 48 (2015): 19-34.
27. Michailidis, Alexander, et al. "Test front loading in early stages of automotive software development based on AUTOSAR." 2010 Design, Automation & Test in Europe
Conference & Exhibition (DATE 2010). IEEE, 2010.
28. Microsoft, "Security Development Lifecycle - SDL Process Guidance Version 5.2", 2012
36/37
Reference
29. Mir, Talhah Munawar, et al. "Threat analysis and modeling during a software development lifecycle of a software application." U.S. Patent No.8091065. 2012.
30. Mohammed, Nabil M., et al. "Exploring software security approaches in software development lifecycle: A systematic mapping study." Computer Standards &
Interfaces 50 (2017): 107-115.
31. Morrison, Patrick, et al. "Mapping the field of software life cycle security metrics." Information and Software Technology 102 (2018): 146-159.
32. Nayerifard, Tahereh, Nasser Modiri, and Sam Jabbehdari. "An Approach for Software Security Evaluation Based on ISO/IEC 15408 in the ISMS Implementation."
International Journal of Computer Science and Information Security 11.9 (2013): 7.
33. NIST, "NIST Special Publication 800-37 Revision 2 – Risk Management Framework for Information Systems and Organizations."
34. Oka, Dennis Kengo, Tommi Makila, and Rikke Kuipers. "Integrating Application Security Testing Tools into ALM Tools in the Automotive Industry." 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C). IEEE, 2019.
35. OWASP, "Comprehensive, Lightweight Application Security Process."
36. OWASP, "Software Assurance Maturity Model 2.0 – A guide to building."
37. Pricop, Emil, Sanda Florentina Mihalache, and Jaouhar Fattahi. "Innovative fuzzy approach on analyzing industrial control systems security." Recent Advances in Systems Safety and Security. Springer, Cham, 2016. 223-239.
38. Sabaliauskaite, Giedre, Sridhar Adepu, and Aditya Mathur. "A six-step model for safety and security analysis of cyber-physical systems." International Conference on Critical Information Infrastructures Security. Springer, Cham, 2016.
39. SAE, "Cybersecurity Guidebook for Cyber-Physical Vehicle Systems."
40. SAFECode, "Fundamental Practices for Secure Software Development, 2nd Edition."
41. Sánchez-Gordón, Mary-Luz, et al. "Towards the Integration of Security Practices in the Software Implementation Process of ISO/IEC 29110: A Mapping." European Conference on Software Process Improvement. Springer, Cham, 2017.
42. Schilder, Marius, et al. "Secure device state apparatus and method and lifecycle management." U.S. Patent No. 10,223,531. 2018.
43. Schmittner, Christoph, Zhendong Ma, and Erwin Schoitsch. "Combined safety and security development lifecylce." 2015 IEEE 13th International Conference on Industrial Informatics (INDIN). IEEE, 2015.
44. Sheikhpour, Razieh, and Nasser Modiri. "A best practice approach for integration of ITIL and ISO/IEC 27001 services for information security management." Indian Journal of Science and Technology 5.2 (2012): 2170-2176.
45. Holtmanns, Silke, and Rune Lindholm. "Enhanced lifecycle management of security module." Patent Application No. CN103988530A. 2018.
46. Skoglund, Martin, Fredrik Warg, and Behrooz Sangchoolie. "In Search of Synergies in a Multi-concern Development Lifecycle: Safety and Cybersecurity." International Conference on Computer Safety, Reliability, and Security. Springer, Cham, 2018.
47. Takahira, Ricardo Y., et al. "Scrum and Embedded Software development for the automotive industry." Proceedings of PICMET'14 Conference: Portland International Center for Management of Engineering and Technology; Infrastructure and Service Integration. IEEE, 2014.
48. Tiirik, Karl. "Comparison of SDL and Touchpoints." 2004.
49. NIST, "NIST SP 800-64 Revision 2 – Security Considerations in the System Development Life Cycle", 2008.
50. Verma, Siddhartha, et al. "Combined Approach for Safety and Security." International Conference on Computer Safety, Reliability, and Security. Springer, Cham, 2019.
51. Vincent, Benjamin, and Ariel Gordon. "Security configuration lifecycle account protection for minors." U.S. Patent Application No. 16/022,554. 2020.
52. Wilcock, Lawrence, et al. "Automated lifecycle management of a computer implemented service." U.S. Patent No. 8,312,419. 2012.
53. Wolff, Carsten, et al. "AMALTHEA – Tailoring tools to projects in automotive software development." 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). Vol. 2. IEEE, 2015.
54. Yi, Shengwei, et al. "A safety-security assessment approach for communication-based train control (CBTC) systems based on the extended fault tree." 2018 27th International Conference on Computer Communication and Networks (ICCCN). IEEE, 2018.
55. Young, William, and Nancy G. Leveson. "An integrated approach to safety and security based on systems theory." Communications of the ACM 57.2 (2014): 31-35.
56. Zhang, Yanan, et al. "Test and Evaluation System for Automotive Cybersecurity." 2018 IEEE International Conference on Computational Science and Engineering (CSE). IEEE, 2018.
37/37
This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2020-2015-0-00403) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation).

Assurance-Level Driven Method for Integrating Security into SDLC Process

  • 1. 1/37 Assurance-Level Driven Method for Integrating Security into SDLC Process Sooyoung Kang, Seungyeon Jeong, Seungjoo Kim skim71@korea.ac.kr *Corresponding Author CIST (Center for Information Security Technologies), School of Cybersecurity, Korea University bbang814@gmail.com CIST (Center for Information Security Technologies), School of Cybersecurity, Korea University sodon513@gmail.com Department of Automotive Convergence, Korea University
  • 2. 2/37 1. Motivation 2. Related works 3. Security-by-Design Methodology 4. Evidence-based Approach 5. CIA-Level Driven Secure SDLC Framework 6. Case Study 7. Conclusion
  • 4. 4/37 1. Motivation ▪ History 1970s 2022 1980s 2015 2002 • The US government recognized that it is not possible to improve the security of products by penetrate & patch approach. • The US government recognized that the product development process itself must be systematically and strictly managed(a.k.a. security-by-design) in order to improve the security of products. ※ Security-by-design: to reduce the complexity of the product by considering security from the initial phase of development process to achieve trustworthiness of the product
  • 5. 5/37 1. Motivation ▪ History ※ Secure SDLC(Secure Software/System Development Life Cycle): The development process containing the security-by-design philosophy ※ UNECE (United Nations Economic Commission for Europe) • In the industry, Microsoft and IBM have been interested in secure SDLC at first and spread it to the industry. • The Department of Defense(DoD) demands an evaluation and improvement of cybersecurity of weapons systems based on operational requirements such as the Risk Management Framework(RMF). • UNECE requires the application of secure SDLC on vehicles by enacting UNECE automotive cybersecurity regulation(UNECE regulation). 1970s 2022 1980s 2015 2002
  • 6. 6/37 1. Motivation ▪ From the early 1970s, the U.S. government has begun to recognize that it was impossible to improve the security of products only by penetration testing. • They recognized that the development process itself should be systematically and strictly managed. ▪ From the 1980s, various standards related to the security by design development methodology and evaluation and procurement system has began to be published. ▪ In 2013, RMF was released aiming to manage the development and evaluation/procurement of computer systems of military. • According to the DoD Cyber Strategy announced in 2015, the scope of RMF has been expanded from computer systems to advanced weapons systems. ▪ In 2020, UNECE regulation is enacted, and from 2022 vehicles that do not comply with it cannot be exported to Europe. Therefore, we present a specific security-by-design methodology that security product development companies can use in the actual field by using the Common Criteria(CC) standard. Published standards or guidelines do not provide a detailed methodology of security-by-design, so it is very difficult to use them in the actual field.
  • 8. 8/37 2. Related works ▪ Research papers • We analyzed 84 research papers that specified secure SDLC and analyzed 11 of them in-depth. ✓ Papers published from 2000 to 2020, and only papers published in 5 major digital library of (i) ACM, (ii) Elsevier, (iii) IEEE, (iv) Scopus, (v) Springer. ✓ Papers with ‘SDL’, ‘SDLC’, ‘SSDLC’, ‘secure development lifecycle’, ‘secure SDLC’ as a keyword and have the subject of integration(‘integrating’, ‘mapping’). ✓ Papers that have the subject of the entire process('Process’, 'Lifecycle’), some phases('Requirements Analysis') or some activities('Fuzz Test'). No. Year Phase Integration target 1 2002 Entire process SDLC + Security engineering 2 2007 Requirements analysis Common Criteria + requirement engineering 3 2007 Design SDLC + security design standard 4 2012 Entire process IT service lifecycle + ISMS 5 2013 Entire process Common Criteria + ISMS 6 2015 Requirements analysis/Design Security + Safety 7 2015 Entire process Process evaluation standard + security management guideline 8 2017 Requirements analysis/Design/ Implementation SDLC + Security 9 2017 Entire process Secure SDLC + SDLC of small-size organization 10 2018 Verification Secure SDLC + Vulnerability analysis 11 2020 Design Secure SDLC + Risk management
  • 9. 9/37 2. Related works ▪ Research papers(Examples) • Setting Expectations for CC in the Software Development Lifecycle(ICCC, 2008) ✓ This research performed mapping between SDLC and CC but does not present specific SDLC activities. • Verification of IVI Over-The-Air using UML/OCL (ICCC, 2019) ✓ This research mentioned secure SDLC, but only covers the requirements analysis and design phases.
  • 10. 10/37 2. Related works ▪ Patents • We analyzed 7 patents related to secure SDLC. ✓ Patents applied from 2010 to 2020. ✓ Patents with ‘SDL’, ‘SDLC’, ‘SSDLC’, ‘secure development lifecycle’, ‘secure SDLC’ as a keyword and have the subject of the entire process('Process’, 'Lifecycle’), some phases('Requirements Analysis') or some activities('Fuzz Test'). No. Year Phase Description 1 2012 Requirements analysis/Design Threat modeling method and tool 2 2012 Implementation Development automation solution 3 2013 Entire process Risk-based Secure SDLC 4 2018 Entire process SDLC of SIM 5 2018 Requirements analysis/Design Access control solution of security device 6 2019 Operation Solution for risk identification 7 2020 Entire process Solution for account and authority management It was confirmed that only some phases were covered (such as the requirements analysis or design phase) or the integrated security activities were not specific.
  • 12. 12/37 3. Security-by-Design Methodology ▪ Well-known secure SDLC standards and guidelines are extended and utilized in various fields from 2004. Security system Advanced weapon systems Vehicle MS SDL RMF NIST SSDLC SAE J3061 Secure SDLC developed by Microsoft and applied directly to operating systems and database products Secure SDLC that combines security and risk management concepts as a prerequisite to comply with FISMA(Federal Information Security Management Act). Secure SDLC on Software and hardware developed by NIST Secure SDLC Guideline suggesting ways to ensure the security of automotive development CSA SDF Secure SDLC established by the Singapore government Industry-wide McGraw Touchpoints SAFECode OWASP CLASP Secure SDLC containing only the 7 most important items to minimize the burden of the development process Secure SDLC presented based on best practices of enterprises security development Secure SDLC to strengthen security in the early phases with 5 views and 24 activities OWASP SAMM Security development maturity model developed by OWASP CIGITAL BSIMM Security development maturity model performed by CIGITAL
  • 13. 13/37 3. Security-by-Design Methodology ▪ Well-known secure SDLC standards and guidelines are extended and utilized in various fields from 2004. MS SDL (2004~) OWASP CLASP (2006~2016) SAFECode (2008~) McGraw Touchpoints (2004~2006) NIST RMF (2013~) NIST SSDLC (2008~2019) SAE J3061 (2016~) Touchpoints – CLASP – SAMM – BSIMM (2004 ~ current) MS SDL (2004 ~ current) NIST SSDLC (2008 ~ current) SAFECode (2008 ~ current) BSIMM (2009~) OWASP SAMM (2009~2017) RMF (2013 ~ current) SAE J3061 (2016 ~ current) CSA SDF (2017~) CSA SDF (2017 ~ current)
  • 15. 15/37 4. Evidence-based Approach ▪ Advantages of evidence-based approach • Since secure SDLC standards and guidelines only present an abstract list of security activities, it is difficult for development companies to use them in the actual field. • Evidence-based approaches such as CC, ISMS, and PIMS define detailed security activities. • Especially, CC is suitable for specifying secure SDLC as the requirements for outputs are specified in detail. ▪ Representative evidence-based approaches • CC(Common Criteria) - ISO/IEC 15408 ✓ Criteria for evaluating the security and reliability of IT systems • ISMS(Information Security Management System) - ISO/IEC 27001 ✓ Criteria for evaluating an information protection management system of the enterprise to ensure confidentiality, availability, and integrity • PIMS(Privacy Information Management System) - ISO/IEC 27701 ✓ Criteria for evaluating the personal information protection management system to protect personal information held by companies
  • 16. 16/37 4. Evidence-based Approach ▪ CC(Common Criteria) - ISO/IEC 15408 • We utilized a total of 63 assurance requirements components in CC Part 3 and CEM. Category Num ISO/IEC 15408 - CC 1. Security Target(ASE) ASE_CCL, ASE_ECD, ASE_INT, ASE_OBJ, ASE_REQ, ASE_SPD, ASE_TSS 10 2. Development (ADV) ADV_ARC, ADV_FSP, ADV_IMP, ADV_INT, ADV_SPM, ADV_TDS 19 3. Guidance(AGD) AGD_PRE, AGD_OPE 2 4. Life cycle support(ALC) ALC_CMC, ALC_CMS, ALC_DEL, ALC_DVS, ALC_FLR, ALC_LCD, ALC_TAT 18 5. Test(ATE) ATE_COV, ATE_DPT, ATE_FUN, ATE_IND 9 6. Vulnerability assessment(AVA) AVA_VAN 5 Total 63 assurance requirements components
  • 17. 17/37 4. Evidence-based Approach ▪ ISMS(Information Security Management System) - ISO/IEC 27001 • We utilized a total of 104 detailed evaluation items of ISMS. Category Num ISO 27001 - ISMS 1. Security policy 6 2. Organization of information security 4 3. Outsider security 3 4. Information Asset Classification 3 5. Security training 4 6. Human resource security 5 7. Physical security 9 8. System development security 10 9. Encryption control 2 10. Access control 14 11. Operation security 22 12. Information security incident management 7 13. IT incident recovery 3 14. Information security management 12 Total 104 detailed check items
  • 18. 18/37 4. Evidence-based Approach ▪ PIMS(Personal Information Management System) - ISO/IEC 27701 • We utilized a total of 54 detailed evaluation items of PIMS. Category Num ISO/IEC 27701 - PIMS 1. PIMS of the target organization 8 2. PIMS of the target system 6 3. Step-by-step protection method of the privacy 12 4. Technical protection method of the target system 19 5. Privacy protection when using specific IT technology 9 Total 54 detailed assessment items Detailed security activities were derived by combining a total of 221 detailed assessment items from CC, ISMS, and PIMS.
  • 20. 20/37 5. CIA-Level Driven Secure SDLC Framework ▪ Security-by-Design • To reduce the complexity of a product by considering security from the early phases of development(such as requirements analysis or design) and consequently to achieve the product's trustworthiness. • The trustworthiness is to achieve all aspects of the correctness, safety, and security of the product's functions. ▪ CIA • Trustworthiness which is the goal of security-by-design can be named after CIA. Functional Correctness Safety Integrity Security Assurance+ + CIA-Level Driven Secure SDLC Framework
  • 21. 21/37 5. CIA-Level Driven Secure SDLC Framework ▪ CIA-Level Driven Secure SDLC Framework(CIA-Level Framework) • Security-by-design methodology integrating secure SDLCs and evidence-based approaches • It combines 10 types of secure SDLCs and 3 types of evidence-based approaches. • It specialized the secure SDLC to derive related processes, security activities, detailed security activities, and evidence templates. ※ Evidence-based Standards: A standard that provides a concrete way of performing a process by presenting detailed requirements(such as evidences, detailed activities, etc.) for each activities of the development process ※ CC(Common Criteria, ISO 15408) ※ PIMS(Privacy Impact Management System, ISO 27701) ※ ISMS(Information Security Management System, ISO 27001) ※ FSMS(Functional Safety Management System, ISO 26262) • Microsoft SDL • NIST SSDLC • CSA SDF • SAFECode • MgGraw Touchpoints • OWASP CLASP • Cigital BSIMM • OWASP SAMM • NIST RMF • SAE J3061 Secure SDLC • CC • PIMS Evidence-based security approach • ISMS • FSMS Customized Secure SDLC Process, Activities, Evidence Templates CIA-Level Driven Secure SDLC Framework
  • 22. 22/37 5. CIA-Level Driven Secure SDLC Framework ▪ CIA-Level Framework • It quantitatively analyzes the difference in the level of secure SDLC process between enterprises and their competitors. • It can be useful when the enterprise wants to build secure SDLC in the actual field by easily deriving requirements(security activities, detailed security activities, and evidence templates) to build secure SDLC at the desired level. 3. CIA-Level Extractor 4. Customized Secure SDLC Constructor 1. Activity-Evidence Mapper Standards, Laws, Rules, and Regulations Customized Secure SDLC Process, Activities, Detailed Activities, Evidence Templates • Standards, Laws, Rules, and Regulations: Common Criteria, ISMS, PIMS etc • Activity-Evidence Mapper: Mapping Secure SDLC activities and evidences by CIA-Level Target Market
  • 23. 23/37 5. CIA-Level Driven Secure SDLC Framework ▪ Module that maps secure SDLCs and evidence-based approaches • It maps 10 types of secure SDLC standards and guidelines that are widely used in each field. ✓ It compares and analyzes those secure SDLCs and generalizes them into 10 phases. ✓ It derives 66 security activities by summing up all the security activities that need to be performed in each phase and removing redundant security activities. Activity-Evidence Mapper Analyze and normalize all the activities of each phase of every standard Integrate them into one single Secure SDLC Map secure SDLC and the SAR components of CC to the normalized activities Define detailed activities and build a template for each normalized activity Supplement the unmapped activities with other standards Standards, Laws, Rules, and Regulations Integrated Secure SDLC Process with detailed activities and evidence templates CC, CEM ISMS, PIMS, etc. ※ SAR(Security Assurance Requirements), CEM(Common Evaluation Methodology)
  • 24. 24/37 5. CIA-Level Driven Secure SDLC Framework ▪ Integrated Secure SDLC - Security activities • CIA-Level Framework consists of a total of 66 activities for 10 phases and 28 evidence templates. 1. Security Training 2. Initiation 3. Requirements analysis 4. Acquisition 5. Design 6. Implement- ation 7. Verification 8. Production& Release 9. Operation 10. Disposal 1.1 Basic security training 3 9 9 3 12 3 8 7 7 5 1.2 Advanced security training 1.3 Plan training schedules 2.1 Project categorization 2.2 Role identification 2.3 Project tools selection 2.4 Security requirements source identification 2.5 Minimum quality level definition 2.6 Prepare compensation system for handling security issues 2.7 Plan project schedule 2.8 Security goals setting by field 2.9 Verifying consistency & completeness of goals 3.1 Estimating scope of project security analysis 3.2 Impact assessment for privacy 3.3 Impact assessment for business 3.4 Impact assessment for safety 3.5 Existing software assessment 3.6 Functional requirements elicitation 3.7 Security requirements elicitation 3.8 Conformity & conflict check on requirements by field 3.9 Verifying requirements based on security goals 4.1 Plan third-party components acquisition 4.2 Requirements definition for third- party components 4.3 Assessment & test for third-party components 10.1 Transfer & disposal procedure planning 10.2 Important information disposal 10.3 Media Erase 10.4 Hardware and software disposal 10.5 System shutdown 9.1 Monitoring planning 9.2 Continuous monitoring 9.3 Vulnerability report 9.4 Vulnerabilities assessment 9.5 Solution establishment 9.4 Vulnerability disclosure & patch/update 9.5 Configuration management after release 8.1 Final security review 8.2 Final privacy review 8.3 Requirements elicitation for production 8.4 Production procedure determination 8.5 Verification of production 8.4 Accident response planning 8.5 Security review for deployment procedure 7.1 Final security review 7.2 Final privacy 
review 7.3 Requirements elicitation for production 7.4 Production procedure determination 7.5 Verification of production 7.6 Accident response planning 7.7 Security review for deployment procedure 7.8 Security review for deployment procedure 5.1 Functions & design specification 5.2 Compliance with design best practices and principles 5.3 Structural design for the integration process 5.4 Asset identification 5.5 Create data flow diagram 5.6 Threat elicitation 5.7 Attack Library Collection 5.8 Risk analysis by field 5.9 Mitigation elicitation by field 5.10 Privacy analysis 5.11 Use case and misuse case identification 5.12 Verifying design based on requirements 6.1 Compliance with secure coding guidelines 6.2 Creation for deployment guide document and tools 6.3 Implementation verification according to design
  • 25. 25/37 5. CIA-Level Driven Secure SDLC Framework ▪ Integrated Secure SDLC - Evidence templates • CIA-Level Framework consists of a total of 66 activities for 10 phases and 28 evidence templates. Phase Evidence Num. Phase Evidence Num. 1 Security Training • Security training plan • Training attendee list 2 6 Impleme- ntation • Source code • Unit test plan and test scenario • Unit test results 3 2 Initiation • Current process analysis • Current system analysis • Project plan • Software Requirements Specification 4 7 Verification • Integrated/system/acquisition test plan and test scenario • Integrated/system/acquisition test results • Vulnerability analysis 3 3 Require- ments Analysis • Impact assessment • Interface definition 2 8 Production & Release • Rehearsal plan and rehearsal result • Release request • Emergency incident response plan • Emergency accident response result 4 4 Acquisition • Acquisition confirmation document 1 9 Operation • Preparation result • Operator instructions • User guide • Vulnerability Response Plan • Vulnerability patch result 5 5 Design • Software design specification • Software architecture design and System architecture design specification • Integrated test plan and integrated test scenario 3 10 Disposal • System execution plan and system execution result 1
  • 26. 26/37 5. CIA-Level Driven Secure SDLC Framework ▪ Integrated Secure SDLC - Security activities and evidence templates • CIA-Level Framework consists of a total of 66 activities for 10 phases and 28 evidence templates. Phase 1. Security Training 2. Initiation 3. Requirements Analysis 4. Acquisition 5. Design 6. Implementation 7. Verification 8. Release 9. Operation 10. Disposal Description Basic and advanced training on Security/privacy(3) Project categorization and security planning(9) Security/privacy impact assessment and security requirements elicitation(9) Acquisition plans establishment and verification of third-party components(3) Threat modeling and security architecture design/verification (12) System implementation and static analysis(3) Static/Dynamic analysis and penetration test(8) Final security/privacy review and deployment(7) Continuous monitoring and security patch(7) Hardware and software disposal(5) Evidence template Security training plan/Training attendee list(2) Project plan(4) Security requirements(2) Acquisition confirmation document(1) Security architecture(3) Source code(3) Test results/Vulnerability analysis(3) Final security review(4) Vulnerability patch results(5) System execution results(1)
  • 27. 27/37 5. CIA-Level Driven Secure SDLC Framework ▪ Database that stores the mapping results and related details of Activity- Evidence Mapper • Database consists of a 4-table scheme. ✓ Table of 10 generalized secure SDLC phases ✓ Table of 66 security activities that must be performed at each phase ✓ Table of detailed security activity lists and descriptions ✓ Table of document templates that need to be produced Database Database scheme Integrated Secure SDLC Phase Activities Detailed Activities Evidence Document Templates CC (SAR & CEM) ISMS PIMS AAA BBB CCC DDD
  • 28. 28/37 5. CIA-Level Driven Secure SDLC Framework ▪ CIA-Level Extractor: Module that extracts the CIA-Level of a company's secure SDLC • It quantitatively analyzes the security activities of the secure SDLC and calculates CIA-Level. ✓ CIA-Level: Indicator of trustworthiness that composed of Level 1 to Level 7 ✓ It means that the secure SDLC is systematically and strictly managed as the level increases. ▪ GAP Analyzer: Module that analyzes the gap of secure SDLC level between the company and its competitors Integrated Secure SDLC Phase Activities Detailed Activities Evidence Document Templates CC (SAR & CEM) ISMS PIMS AAA BBB CCC DDD CIA-Level Extractor & GAP Analyzer Predict competitor’s secure SDLC process, Activities, Detailed Activities etc. Analyze the differences of each activity between the company and competitors Gap Analysis Report Average CIA-level of Competitor’s Flagship Products Company’s secure SDLC Process, Activities, Detailed Activities, Evidences, Tools, etc.
  • 29. 29/37 5. CIA-Level Driven Secure SDLC Framework
▪ Customized Secure SDLC Constructor: module that provides detailed information on the level desired by the company
• It provides the secure SDLC process, security activities, detailed security activities, and evidence templates.
✓ It quantitatively analyzes only the relevant security activities out of the total of 66, considering the company's business sector and characteristics.
✓ It ensures traceability of the entire secure SDLC by easily deriving the documents that need to be produced.
[Figure: Customized Secure SDLC Constructor. Select the phases according to the characteristics of the company's products, then choose the detailed activities and evidence templates according to the CIA-Level from the CIA-Level database; output: customized secure SDLC process, activities, detailed activities, and evidence templates.]
  • 31. 31/37 6. Case Study
▪ To prove the effectiveness of the CIA-Level Framework, we applied it to a representative software development company (A) in Korea.
▪ We selected competitors of company A and performed the following process.
• After selecting Microsoft as the competitor, we selected CIA-Level 4 based on its CC certification cases.
1. Identify the characteristics of the enterprise
2. Select competitors based on the result of #1
3. Derive the average CIA-Level of the competitors
4. Select the phases and security activities associated with the enterprise
5. Derive the CIA-Level for each enterprise security activity
6. Analyze the secure SDLC level gap between competitor and enterprise
7. Produce the gap analysis report and result graph
8. Share the analysis results with security managers
9. Select the CIA-Level that the enterprise wants
10. Provide a suitable secure SDLC process, security activities, detailed security activities, artifacts, etc.

CC certification cases of Microsoft products:

| Category | Product name | EAL | Year |
|---|---|---|---|
| DB | Microsoft SQL Server 2014 | EAL2+ | 2015 |
| DB | Microsoft SQL Server 2014 | EAL4+ | 2015 |
| DB | Microsoft SQL Server 2016 | EAL4+ | 2017 |
| DB | Microsoft SQL Server 2016 Database Engine Enterprise Edition | EAL2+ | 2017 |
| DB | Microsoft SQL Server 2017 | EAL4+ | 2020 |
| OS | Microsoft Windows 10 | EAL1 | 2016 |
| OS | Windows 10 Anniversary Update and Microsoft Windows Server 2016 | EAL1 | 2017 |
| OS | Microsoft Windows 10 | EAL1 | 2018 |
| OS | Windows 10 and Windows Server | EAL1 | 2018 |
| OS | Windows 10 and Windows Server | EAL1 | 2019 |
| OS | Windows 10 and Windows Server 2019 version 1809 | EAL1 | 2019 |
| OS | Windows 10 and Server version 1903 | EAL1 | 2019 |
  • 32. 32/37 6. Case Study
▪ We selected 8 of the 10 phases: security training, initiation, requirements analysis, design, implementation, verification, release, and operation.
• Out of 66 security activities, 58 were selected, and company A determined that only 6 of the 58 security activities were at the same level as Microsoft.
▪ We suggested a secure SDLC suitable for company A by applying the CIA-Level Framework.
• Afterward, the effectiveness of the framework was proved as company A applied the improved process to its actual environment.
[Figure: bar chart of level (0 to 7) for each of the 58 selected activities, company A versus Microsoft, grouped by phase: Security Training, Initiation, Requirements Analysis, Design, Implementation, Verification, Release, Operation.]
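The gap analysis of case-study steps 4 to 7 (select phases and activities, attach per-activity levels, analyze the gap, report), as an added Python example that is not the authors' GAP Analyzer: the phase names and activity counts come from the framework slide, the 8 selected phases and the competitor level of 4 follow the case study, while the per-activity company levels are constructed sample data and the per-phase gap aggregation is an assumption of this example.

```python
"""Gap analysis in the manner of the GAP Analyzer (case-study steps 4-7); added example."""
from dataclasses import dataclass

# Phase -> number of security activities, as listed on the slides (sums to 66).
PHASE_ACTIVITIES = {
    "Security Training": 3, "Initiation": 9, "Requirements Analysis": 9,
    "Acquisition": 3, "Design": 12, "Implementation": 3, "Verification": 8,
    "Release": 7, "Operation": 7, "Disposal": 5,
}
# The case study kept 8 of the 10 phases, dropping Acquisition and Disposal.
CASE_STUDY_PHASES = [p for p in PHASE_ACTIVITIES if p not in ("Acquisition", "Disposal")]

@dataclass
class Activity:
    phase: str
    index: int           # 1-based position among the framework's 66 activities
    company_level: int   # 0..7; 0 = not performed (assumed convention)
    competitor_level: int

def sample_company_level(index):
    """Constructed sample, not company A's data: every 10th activity already matches."""
    return 4 if index % 10 == 0 else 2

def select_activities(selected_phases, company_level_of, competitor_level):
    """Steps 4-5: keep activities of the selected phases and attach both levels."""
    acts, index = [], 0
    for phase, count in PHASE_ACTIVITIES.items():
        for _ in range(count):
            index += 1
            if phase in selected_phases:
                acts.append(Activity(phase, index, company_level_of(index), competitor_level))
    return acts

def gap_report(activities):
    """Steps 6-7: gap = competitor minus company, summarised per phase (assumed rule)."""
    phases = {}
    for a in activities:
        gap = a.competitor_level - a.company_level
        s = phases.setdefault(a.phase, {"activities": 0, "same_level": 0, "max_gap": 0})
        s["activities"] += 1
        s["same_level"] += int(gap == 0)
        s["max_gap"] = max(s["max_gap"], gap)
    total_same = sum(s["same_level"] for s in phases.values())
    return {"selected": len(activities), "same_level": total_same, "phases": phases}

if __name__ == "__main__":
    report = gap_report(select_activities(CASE_STUDY_PHASES, sample_company_level, 4))
    print(f"{report['same_level']} of {report['selected']} activities match the competitor level")
```

With the constructed levels the report reproduces the case study's headline figures (58 activities selected, 6 at the competitor's level) and shows the largest remaining gap per phase.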
  • 34. 34/37 7. Conclusion
▪ Since the 1980s, the US government has recognized that the development process must be systematically and strictly managed to improve security.
▪ Afterward, secure SDLCs applying the security-by-design philosophy came into use.
• However, they are difficult to use in the actual field since they are too general.
▪ In this study, we proposed the CIA-Level Framework, which derives a detailed secure SDLC by integrating existing secure SDLCs with an evidence-based approach.
▪ By applying the CIA-Level Framework to a representative software development company, its effectiveness was verified.
  • 37. 37/37 Assurance-Level Driven Method for Integrating Security into SDLC Process
This research was supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2020-2015-0-00403) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation).