Secure software design maintenance using enhanced Task-Oriented Security Maintenance (TOSIM) model

Abstract

Most software today is not secure, containing security vulnerabilities that can be exploited by people with malicious intent to cause financial and physical damage. One of the reasons for this is that most research efforts have been put into general development and maintenance processes, which have included the implementation of some models. One such model used for software maintenance is the task-oriented maintenance model. This maintenance model does not focus on how to maintain secure software. Thus, this study identifies software design issues that need to be addressed during the maintenance stage in order to enhance the task-oriented maintenance model into a task- oriented security maintenance (TOSiM) model. The proposed enhanced model aspires to avoid design vulnerabilities by taking security features into consideration. In order to adequately study the suitability of such a model, two case studies have been conducted with software industry experts, and the results have been analyzed. The analysis shows that the enhanced model can be used to train software designers and architects in how to maintain secure software designs, while decreasing vulnerability.