Software Security Literature List (as of 2016/3/9)

This page has been checked for correct display in IE 10 and Google Chrome.

Software Security in General
  • Gary McGraw, Software Security, IEEE Security & Privacy, Vol.2, No.2, pp.80-83, 2004.
  • John Viega and Gary McGraw, Building Secure Software: How to Avoid Security Problems the Right Way, Addison-Wesley, 2002.
  • 吉岡信和, 大久保隆夫, 宗藤誠治, Research Trends in Security Software Engineering, Computer Software, Vol.16, No.5, pp.78-95, 2011.

Systematizing Software Security Knowledge
  • Sean Barnum and Gary McGraw, Knowledge for Software Security, IEEE Security & Privacy, Vol.3, No.2, pp.74-78, 2005.
  • Someswar Kesh and Pauline Ratnasingam, A Knowledge Architecture for IT Security, Communications of the ACM, Vol.50, Issue 7, pp.103-108, July 2007.
  • S. Fenz, S. Parkin, and A. Van Moorsel, A Community Knowledge Base for IT Security, IT Professional, Vol.13, Issue 3, pp.24-30, 2011.
  • 櫨山淳雄, A Conceptual Model for Systematizing Software Security Knowledge, Proceedings of the IPSJ 74th National Convention, 2012.
  • 櫨山淳雄, Research Trends in Systematizing Software Security Knowledge, IEICE Technical Report, Knowledge-Based Software Engineering, KBSE2011-75, pp.37-42, March 2012 (draft).
Process
  • Nancy R. Mead, 吉岡信和, Getting Started with Security Requirements Engineering Using SQUARE, IPSJ Magazine, Vol.50, No.3, pp.193-197, 2009.
  • Common Criteria, http://www.commoncriteriaportal.org/.
  • 金子浩之, Current Status and Issues of Security Requirement Specification in the Common Criteria, IPSJ Magazine, Vol.50, No.3, pp.222-229, 2009.
  • OWASP, CLASP Activities, Link, (Accessed 3 Jan. 2012).
  • Guttorm Sindre and Andreas L. Opdahl, Eliciting Security Requirements by Misuse Cases, Proceedings of the 37th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS-Pacific 2000), pp.120-131, IEEE CS Press, 2000.
  • Guttorm Sindre and Andreas L. Opdahl, Eliciting Security Requirements with Misuse Cases, Requirements Engineering Journal, Vol.10, pp.34-44, 2005.
  • SQUARE, Link, (Accessed 3 Jan. 2012).
  • 清水啓人, 櫨山淳雄, A Proposal for a Security Requirements Elicitation Method Using Misuse Cases in Web Application Development, Proceedings of the IPSJ 73rd National Convention, March 2011.
Secure Software Design
  • Eduardo B. Fernandez, A Methodology for Secure Software Design, Software Engineering Research and Practice, pp.130-136, 2004.
  • Joshua Pauli and Dianxiang Xu, Threat-Driven Architectural Design of Secure Information Systems, Proceedings of the First International Workshop on Protection by Adaptation (in conjunction with the 7th International Conference on Enterprise Information Systems, ICEIS 2005), Miami, 2005.
  • Per H. Meland and Jostein Jensen, Secure Software Design in Practice, The Third International Conference on Availability, Reliability and Security (ARES 2008), pp.1164-1172, IEEE, 2008.
  • Spyros T. Halkidis, Alexander Chatzigeorgiou, and George Stephanides, Moving from Requirements to Design Confronting Security Issues: A Case Study, On the Move to Meaningful Internet Systems: OTM 2009, pp.798-814, Springer Berlin Heidelberg, 2009.
  • Michael E. Shin and Hassan Gomaa, Software Requirements and Architecture Modeling for Evolving Non-Secure Applications into Secure Applications, Science of Computer Programming, Vol.66, No.1, pp.60-70, 2007.
  • Aleksander Dikanski and Sebastian Abeck, A View-Based Approach for Service-Oriented Security Architecture Specification, The Sixth International Conference on Internet and Web Applications and Services, St. Maarten, Netherlands Antilles, 2011.
  • 小橋孝紀, 大久保隆夫, 海谷治彦, 吉岡信和, 伊永祥太, 鷲崎弘宜, 深澤良彰, Supporting the Application of Security Analysis and Design Patterns by Model Testing, Proceedings of the Computer Security Symposium 2012 (CSS 2012), 2012(3), pp.655-662, 2012.
Principle
  • Sean Barnum and Michael Gegick, Build Security In: Design Principles, 2005, Link, (Accessed 3 Jan. 2012).
  • Koen Buyens, Riccardo Scandariato and Wouter Joosen, Process Activities Supporting Security Principles, Proceedings of the 31st Annual International Computer Software and Applications Conference (COMPSAC 2007), Vol.2, 2007.
  • Neil Daswani, Christoph Kern and Anita Kesavan, Foundations of Security: What Every Programmer Needs to Know, Apress, 2009.
  • Mark G. Graff and Kenneth R. van Wyk, Secure Coding: Principles and Practices, O’Reilly, 2003.
  • OWASP, CLASP Security Principles, Link, (Accessed 3 Jan. 2012).
  • Jerome H. Saltzer and Michael D. Schroeder, The Protection of Information in Computer Systems, Proceedings of the IEEE, Vol.63, No.9, pp.1278-1308, 1975.
  • Gary Stoneburner, Clark Hayden and Alexis Feringa, NIST Special Publication 800-27 Rev. A, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A, 2004, http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf, (Accessed 3 Jan. 2012).
Security Pattern
  • Munawar Hafiz, Paul Adamczyk and Ralph Johnson, Growing a Pattern Language (for Security), Pattern Languages of Programs Conference 2011 (PLoP 2011), 2011, http://www.hillside.net/plop/2011/papers/A-39-Hafiz.pdf, (Accessed 3 Jan. 2012).
  • Markus Schumacher, Eduardo Fernandez-Buglioni, Duane Hybertson, Frank Buschmann and Peter Sommerlad, Security Patterns: Integrating Security and Systems Engineering, John Wiley & Sons, 2006.
  • Ronald Wassermann and Betty H.C. Cheng, Security Patterns, Link, (Accessed 3 Jan. 2012).
  • Andreas Wiesauer and Johannes Sametinger, A Security Design Pattern Taxonomy Based on Attack Patterns: Findings of a Systematic Literature Review, Proceedings of the International Joint Conference on e-Business and Telecommunications, INSTICC Press, pp.387-394, 2009, Link, (Accessed 3 Jan. 2012).
  • Joseph Yoder and Jeffrey Barcalow, Architectural Patterns for Enabling Application Security, Proceedings of the 4th Conference on Pattern Languages of Programs (PLoP ’97), 1997.
  • 吉岡信和, 鷲崎弘宜, 丸山勝久, Research Trends in Security Pattern Technology, IPSJ SIG Technical Report, 2007-SE-158, pp.39-46, 2007.
  • 吉岡信和, Security Patterns for Sharing Security Knowledge, IPSJ Magazine, Vol.52, No.9, pp.1134-1139, 2011.
Guideline
  • Michael Coates, Chris Lyon and Mark Goodwin, WebAppSec/Secure Coding Guidelines, Link, (Accessed 3 Jan. 2012).
  • JPCERT/CC, Secure Coding Standard (Java), http://www.jpcert.or.jp/java-rules/, (Accessed 3 Jan. 2012).
  • Oracle, Secure Coding Guidelines for the Java Programming Language, Version 3.0, Link, (Accessed 3 Jan. 2012).
  • STRIDE, Link, (Accessed 3 Jan. 2012).

Rule
  • Sean Barnum, Cigital: Coding Rules Overview, 2005, (Accessed 3 Jan. 2012).
Attack Pattern
  • Sean Barnum and Amit Sethi, Attack Patterns as a Knowledge Resource for Building Secure Software, 2007, Link, (Accessed 3 Jan. 2012).
  • Sean Barnum, Common Attack Pattern Enumeration and Classification (CAPEC) Schema Description, 2008.
  • CAPEC, Link.
  • WASC, Link, (Accessed 3 Jan. 2012).

Vulnerability
  • CVE: Common Vulnerabilities and Exposures, The MITRE Corporation, Link, (Accessed 3 Jan. 2012).
  • CWE: Common Weakness Enumeration, The MITRE Corporation, Link, (Accessed 3 Jan. 2012).
  • CWE, Link.

Case Studies
  • Axelle Apvrille and Makan Pourzandi, Secure Software Development by Example, IEEE Security & Privacy, Vol.3, No.4, pp.10-17, 2005.