Enhancing Software Security: A Research-Driven Automation Framework
With the ever-growing dependency on software in critical systems such as healthcare, finance, transportation, and defense, among many others, the need for robust software security has never been greater. Security breaches, in which an undetected vulnerability is often the culprit, lead to severe financial loss, reputational damage, and even legal action for organizations and end-users. While technology has improved considerably, conventional security practices have repeatedly failed to keep pace with the rapid growth in complexity and the dynamic nature of modern software systems. This paper makes the case for an organized and active approach to software security across the software lifecycle.
We propose a research-driven automation framework that responds to these challenges by tightly integrating security testing tools to automate the detection and mitigation of vulnerabilities, fostering a culture of continuous security improvement. The framework is tailored to Agile development and DevOps workflows, embedding security seamlessly in rapid, iterative development cycles. By harnessing actionable metrics and insight, it allows an organization to measure and quantitatively improve its security practices over time.
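As an added illustration of the kind of pipeline integration the framework describes (example code written for this page, not the authors' own implementation), the block below normalises the output of two security tools into one schema, de-duplicates overlapping findings, reduces them to metrics, gates the build on a policy threshold, and compares a run against the previous one so trends can be tracked. The two tool report formats, the tool names, the thresholds, and the sample findings are all constructed assumptions; the vulnerability identifiers are placeholders.

```python
"""Added illustration (not the paper's own code): a minimal DevSecOps
findings aggregator. Two constructed tool reports (a hypothetical SAST
tool and a hypothetical dependency scanner) are normalised into one
schema, de-duplicated, reduced to metrics, gated against a policy, and
compared with a previous run. Formats, names and thresholds are assumed."""
from __future__ import annotations

import hashlib
from collections import Counter
from dataclasses import dataclass

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Finding:
    tool: str
    rule: str
    severity: str
    location: str  # "file:line" for code findings, "package@version" for dependencies

    def fingerprint(self) -> str:
        # Same rule at the same location is the same finding, whichever tool reported it
        key = f"{self.rule}|{self.location}".encode()
        return hashlib.sha256(key).hexdigest()[:16]


# Constructed sample tool outputs in hypothetical formats (not real tool schemas)
SAST_REPORT = [
    {"check_id": "sql-injection", "level": "critical", "path": "app/db.py", "line": 42},
    {"check_id": "hardcoded-secret", "level": "high", "path": "app/config.py", "line": 7},
    {"check_id": "sql-injection", "level": "critical", "path": "app/db.py", "line": 42},  # duplicate
]
DEP_REPORT = [
    {"vuln": "PLACEHOLDER-CVE-0001", "severity": "HIGH", "package": "examplelib", "version": "1.2.3"},
    {"vuln": "PLACEHOLDER-CVE-0002", "severity": "LOW", "package": "otherlib", "version": "0.9"},
]


def normalize_sast(report: list[dict]) -> list[Finding]:
    return [Finding("sast", r["check_id"], r["level"].lower(), f"{r['path']}:{r['line']}") for r in report]


def normalize_deps(report: list[dict]) -> list[Finding]:
    return [Finding("deps", r["vuln"], r["severity"].lower(), f"{r['package']}@{r['version']}") for r in report]


def dedupe(findings: list[Finding]) -> list[Finding]:
    """Collapse findings with the same fingerprint, keeping the highest severity."""
    seen: dict[str, Finding] = {}
    for f in findings:
        fp = f.fingerprint()
        if fp not in seen or SEVERITY_RANK[f.severity] > SEVERITY_RANK[seen[fp].severity]:
            seen[fp] = f
    return list(seen.values())


def metrics(findings: list[Finding]) -> dict:
    """Per-severity counts plus a simple weighted risk score for trend charts."""
    by_sev = Counter(f.severity for f in findings)
    score = sum(SEVERITY_RANK[f.severity] for f in findings)
    return {"total": len(findings), "by_severity": dict(by_sev), "risk_score": score}


def gate(m: dict, max_critical: int = 0, max_high: int = 1) -> bool:
    """Pipeline gate: pass only when critical/high counts stay within policy (assumed thresholds)."""
    sev = m["by_severity"]
    return sev.get("critical", 0) <= max_critical and sev.get("high", 0) <= max_high


def trend(previous_fingerprints: set[str], findings: list[Finding]) -> dict:
    """Compare with a prior run: how many findings are new and how many were resolved."""
    current = {f.fingerprint() for f in findings}
    return {"new": len(current - previous_fingerprints), "resolved": len(previous_fingerprints - current)}


def run_pipeline() -> dict:
    findings = dedupe(normalize_sast(SAST_REPORT) + normalize_deps(DEP_REPORT))
    m = metrics(findings)
    m["passed"] = gate(m)
    return m


if __name__ == "__main__":
    print(run_pipeline())
```

With the constructed input, the duplicate SAST record collapses to one finding, leaving four in total (one critical, two high, one low); the gate fails because the policy allows zero criticals. Persisting each run's fingerprints and feeding them to `trend` on the next run is what turns the per-build counts into the over-time measurement the abstract calls for.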
Copyright (c) 2024 Pushpalika Chatterjee, Apurba Das
This work is licensed under a Creative Commons Attribution 4.0 International License.