SIDE: Security-aware Integrated Development Environment
Authors
Abstract
An effective way to build secure software is to embed security into software in the early stages of software development. Thus, we aim to study several kinds of evidence of code anomalies introduced during the software development phase that may be indicators of security issues in software, such as code smells, structural complexity represented by diverse software metrics, the issues detected by static code analysers, and finally missing security best practices. To use such evidence for vulnerability prediction and removal, we first need to understand how it is correlated with security issues. Then, we need to discover how these imperfect raw data can be integrated to achieve a reliable, accurate and valuable decision about a portion of code. Finally, we need to construct a security actuator providing suggestions to the developers to remove or fix the detected issues from the code. All of these will lead to the construction of a framework, including security monitoring, security analyzer, and security actuator platforms, that are necessary for a security-aware integrated development environment (SIDE).
Keywords
Software Security, Integrated Development Environment, Software Metrics, Code Smells, Best Practices
Subject
Software Security
Related Project
METRICS: Monitoring and Measuring the Trustworthiness of Critical Cloud Systems
Conference
The 31st International Symposium on Software Reliability Engineering (ISSRE 2020) 2020