Chapter 14 Security engineering 367
The widespread use of the Internet in the 1990s introduced a new challenge for software engineers—designing and implementing systems that were secure. As more and more systems were connected to the Internet, a variety of different external attacks were devised to threaten these systems. The problems of producing dependable systems were hugely increased. Systems engineers had to consider threats from malicious and technically skilled attackers as well as problems resulting from accidental mistakes in the development process.
It is now essential to design systems to withstand external attacks and to recover from such attacks. Without security precautions, it is almost inevitable that attackers will compromise a networked system. They may misuse the system hardware, steal confidential data, or disrupt the services offered by the system. System security engineering is therefore an increasingly important aspect of the systems engineering process.
Security engineering is concerned with the development and evolution of systems that can resist malicious attacks, which are intended to damage the system or its data. Software security engineering is part of the more general field of computer security. This has become a priority for businesses and individuals as more and more criminals try to exploit networked systems for illegal purposes. Software engineers should be aware of the security threats faced by systems and ways in which these threats can be neutralized.
My intention in this chapter is to introduce security engineering to software engineers, with a focus on design issues that affect application security. The chapter is not about computer security as a whole and so doesn’t cover topics such as encryption, access control, authorization mechanisms, viruses and Trojan horses, etc. These are described in detail in general texts on computer security (Anderson, 2008; Bishop, 2005; Pfleeger and Pfleeger, 2007).
This chapter adds to the discussion of security elsewhere in the book. You should read the material here along with:
• Section 10.1, where I explain how security and dependability are closely related;
• Section 10.4, where I introduce security terminology;
• Section 12.1, where I introduce the general notion of risk-driven specification;
• Section 12.4, where I discuss general issues of security requirements specification;
• Section 15.3, where I explain a number of approaches to security testing.
When you consider security issues, you have to consider both the application software (the control system, the information system, etc.) and the infrastructure on which this system is built (Figure 14.1). The infrastructure for complex applications may include:
• an operating system platform, such as Linux or Windows;
• other generic applications that run on that system, such as web browsers and e-mail clients;
• a database management system;

