World Headquarters
Jones & Bartlett Learning
25 Mall Road
Burlington, MA 01803
978-443-5000
www.jblearning.com
Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.
Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to .
Copyright 2024 by Jones & Bartlett Learning, LLC, an Ascend Learning Company
All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.
The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Secure Software Systems: Design and Development is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.
There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious but are used for instructional purposes only.
Production Credits
Vice President, Product Management: Marisa R. Urbano
Vice President, Content Strategy and Implementation: Christine Emerton
Director, Product Management: Ray Chew
Director, Content Management: Donna Gridley
Content Strategist: Melissa Duffy
Content Coordinator: Mark Restuccia
Director, Project Management and Content Services: Karen Scott
Manager, Program Management: Kristen Rogers
Project Manager: Belinda Thresher
Senior Digital Project Specialist: Angela Dooley
Director, Marketing: Andrea DeFronzo
Marketing Manager: Mark Adamiak
Content Services Manager: Colleen Lamy
Product Fulfillment Manager: Wendy Kilborn
Composition: Straive
Project Management: Straive
Cover Design: Briana Yates
Media Development Editor: Faith Brosnan
Rights & Permissions Manager: John Rusk
Rights Specialist: James Fortney
Cover Image (Title Page and Chapter Opener): d1sk/Shutterstock
Printing and Binding: Gasch Printing
Library of Congress Cataloging-in-Publication Data
Names: Fretheim, Erik, author. | Deschene, Marie, author.
Title: Secure software systems : design and development / Erik Fretheim, Marie Deschene.
Description: First edition. | Burlington, Massachusetts : Jones & Bartlett Learning, [2024] | Includes bibliographical references and index. | Summary: "Secure Software Systems Development addresses the software development process from the perspective of a security practitioner" -- Provided by publisher.
Identifiers: LCCN 2022056380 | ISBN 9781284261158 (paperback)
Subjects: LCSH: Application software--Development. | Computer security.
Classification: LCC QA76.76.D47 S424 2024 | DDC 005.1--dc23/eng/20230109
LC record available at https://lccn.loc.gov/2022056380
Printed in the United States of America
Preface
The goal of this textbook is to present an approach to secure software systems design and development that tightly integrates security with systems design and development (or software engineering). The desire to create the book came from searching for an appropriate textbook for a secure software development course. It quickly became apparent that three types of books were available. The first was a software development/engineering book with a chapter or two of security added at the end. The second was a cybersecurity book with a chapter or two of software development/engineering added at the end. Finally, the third type of book was an A-Z ( if you're Swedish) list of all of the potential errors the authors knew about that could be included in a program, with the admonishment "don't do this." None of the alternatives presented a systematic approach to applying security while going through the secure software systems development life cycle.
Security has proven to be a critical part of such software because of the ever-increasing number of attacks. Such attacks are now bold enough to target very important infrastructures such as electrical grids and pipelines. Failure of such infrastructures can lead to many deaths, so security has become more important than ever. That means that security needs to be baked into the software systems development approach, not added at the end, nor is it the province of a specific group of security engineers or specialists.
In writing this book, we have focused on the processes, concepts, and concerns of ensuring that secure practices are followed throughout the secure software systems development life cycle, including the practice of following the life cycle rather than just doing ad hoc development. We have used specific security practices and examples as illustrations rather than a comprehensive list. If you are looking for all of the bugs that can be found in a program implemented in a specific language or tool, a book is not the proper place to look. By the time a book has gone through its publishing cycle, the issue may have already been resolved and a hundred others have taken its place.
Learning Features
The writing style of this text is practical and conversational. Each chapter begins with learning objectives. Illustrations are used to clarify the material and vary presentation. The text is sprinkled with box features to alert the reader to additional information related to the subject under discussion.
Chapter summaries are included in the text to provide a rapid review or preview of the material and to help students understand the relative importance of the concepts presented. Key terms are bolded and listed at the end of each chapter and defined in a glossary at the end of the book. The instructor materials include slides in PowerPoint format and a test bank.