The Case for Adaptive Security Interventions-Reference-Cited by-同舟云学术

The Case for Adaptive Security Interventions

Published:2022-01-31 Issue:1 Volume:31 Page:1-52
ISSN:1049-331X
Container-title:ACM Transactions on Software Engineering and Methodology
language:en
Short-container-title:ACM Trans. Softw. Eng. Methodol.

Author:

Rauf Irum¹,Petre Marian¹,Tun Thein¹,Lopez Tamara¹,Lunn Paul²,Van Der Linden Dirk³,Towse John⁴,Sharp Helen⁵,Levine Mark⁴,Rashid Awais⁶,Nuseibeh Bashar⁷

Affiliation:

1. School of Computingand Communications, The Open University, Milton Keynes, UK

2. The University of Manchester, Manchester, UK

3. Department of Computer and Information Sciences, Northumbria University, Newcastle-upon-Tyne, UK

4. Department of Psychology, University of Lancaster, Lancaster, UK

5. School of Computing and Communications, The Open University, Milton Keynes, UK

6. Bristol Cyber Security Group, University of Bristol, UK

7. School of Computing and Communications, The Open University, UK, Lero-The Irish Software Research Centre, Republic of Ireland

Abstract

Despite the availability of various methods and tools to facilitate secure coding, developers continue to write code that contains common vulnerabilities. It is important to understand why technological advances do not sufficiently facilitate developers in writing secure code. To widen our understanding of developers' behaviour, we considered the complexity of the security decision space of developers using theory from cognitive and social psychology. Our interdisciplinary study reported in this article (1) draws on the psychology literature to provide conceptual underpinnings for three categories of impediments to achieving security goals, (2) reports on an in-depth meta-analysis of existing software security literature that identified a catalogue of factors that influence developers' security decisions, and (3) characterises the landscape of existing security interventions that are available to the developer during coding and identifies gaps. Collectively, these show that different forms of impediments to achieving security goals arise from different contributing factors. Interventions will be more effective where they reflect psychological factors more sensitively and marry technical sophistication, psychological frameworks, and usability. Our analysis suggests “adaptive security interventions” as a solution that responds to the changing security needs of individual developers and a present a proof-of-concept tool to substantiate our suggestion.

Funder

UKRI/EPSRC

NCSC

SFI

Publisher

Association for Computing Machinery (ACM)

Subject

Software

Link

https://dl.acm.org/doi/pdf/10.1145/3471930

Reference187 articles.

1. Stack Overflow. 2019.Developer Survey Results. Retrieved from https://insights.stackoverflow.com/survey/2019. Stack Overflow. 2019.Developer Survey Results. Retrieved from https://insights.stackoverflow.com/survey/2019.

Cited by 13 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. The Rocky Road to Sustainable Security;IEEE Security & Privacy;2024-09

2. Learning to Rank Privacy Design Patterns: A Semantic Approach to Meeting Privacy Requirements;Lecture Notes in Computer Science;2024

3. Security Analysis of Low Earth Orbit Satellites Based on Different Software-Defined Networking Structure;2023 IEEE 6th International Conference on Knowledge Innovation and Invention (ICKII);2023-08-11

4. Meet your Maker: A Social Identity Analysis of Robotics Software Engineering;Proceedings of the First International Symposium on Trustworthy Autonomous Systems;2023-07-11

5. Online ontological quality assessment of converted UML class diagrams in SRE;Automated Software Engineering;2023-06-18