CHAPTER ONE
INTRODUCTION
1.0 Introduction
The role software applications play in today’s hostile computer environment is very important. It is not uncommon to find software applications running our transportation systems, communication systems, medical equipment, banking systems, domestic appliances and other technologies that we depend on. Since many of these software applications are missions critical, the need to ensure the security of their data and other resources cannot be overlooked. The increase of attacks aimed directly at software applications in the past decades calls for software applications to be able to defend itself and continue functioning. However, when software applications are developed without security in mind, attackers take advantage of the security flaws in them to mount multiple attacks when they are deployed. To address this problem a new research field called software security emerged in the last decade with the aim of building security into software application during development. This approach views security as an emergent property of the software and much effort is dedicated into weaving security into the software all through software development life cycle (SDLC). One of the critical areas in this approach is the area of software design and security which proactively deals with attacking security problems at the design phase of SDLC. Reportedly, 50% of security problems in software products today have been found to be design flaws [1]. Design-level vulnerability has been described as the hardest category of software defect to contend with. Moreover, it requires great expertise to ascertain whether or not a software application has design-level flaws which makes it difficult to find and automate [2]. Many authors also argue that it is much better to find and fix flaws during the early phase of software development because it is more costly to fix the problem at a late stage of development and much more costly when the software has been deployed [3]. Therefore, taking security into consideration at the design phase of SDLC will help greatly in producing secured software applications. There are different approaches and tools currently used for integrating security during the phases of SDLC. However, software design security tools and technologies for automated security analysis at the design phase have been slow in coming. This is still an area where many researches are currently being undertaken. Neural Networks has been one of the technologies used during software implementation and testing phase of SDLC for software defect detection in order to intensify software reliability and it has also been used in area of application security and network security in technologies such as authentication system, cryptography, virus detection system, misuse detection system and intrusion detection systems (IDS) [4].
1.1 Statement of the Problem
The following problems necessitated this study:
High rate of software failure due to absence of security evaluation system. It is difficult to determine the security flaws in software systems manually. Little research has been conducted on software security evaluation. Absence of a software security evaluation system in many institutions.
1.2 Aim and Objectives of the Study
The aim of the study is to develop a software security evaluation management system. The following are the objectives of the study:
To develop a software system that will aid in the evaluation of the security level of software. To develop a system that can be used to maintain record of software evaluation records. To design a software system that will enable users to identify areas of security flaws after evaluation.
1.3 Scope of the Study
This study covers Development of a software security evaluation management system using Akwa Poly Digital center, Ikot Osurua as a case study. The evaluation will be conducted using CVSS (Common Vulnerability Scoring System).
1.4 Significance of the Study
This study will be significant in the following ways:
It will provide valuable information to readers and the case study on how software security evaluation is conducted. It will provide a system that will aid in the easy computation, storage and reporting of software security evaluation records. It will help in identifying security flaws in software systems. It will serve as a useful reference material for other researchers seeking related information.
1.5 Organization of the Research
This research work is organized into five chapters. Chapter one is concerned with the introduction of the research study and it presents the preliminaries, theoretical background, statement of the problem, aim and objectives of the study, significance of the study, scope of the study, organization of the research and definition of terms.
Chapter two focuses on the literature review, the contributions of other scholars on the subject matter is discussed.
Chapter three is concerned with the system analysis and design. It analyzes the present system to identify the problems and provides information on the advantages and disadvantages of the proposed system. The system design is also presented in this chapter.
Chapter four presents the system implementation and documentation. The choice of programming language, analysis of modules, choice of programming language and system requirements for implementation.
Chapter five focuses on the summary, conclusion and recommendations are provided in this chapter based on the study carried out.
1.6 Definition of Terms
Security: The condition of being protected from external negative influences.
Vulnerability: A specific weakness in the protections or defenses surrounding someone or something.
Software – Programs and applications that can be run on a computer system, e.g. word processing or database packages
Evaluation – The act of considering or examining something in order to judge its value, quality, importance, extent, or condition
System: An assembly of computer hardware, software, and peripherals functioning together to solve a common problem.