Security-Focused Prototyping: A Natural Precursor to Secure Development

Sam Attwood, Nana Onumah, Katie Paxton-Fear, Rupak Kharel

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Secure development is often thought of as a proactive approach to cyber security. Rather than building a technological solution and then securing it in retrospect, secure development strives to embed good security practices throughout the development process and reduce risk. Unfortunately, evidence suggests secure development is complex, costly, and limited in practice. This article therefore introduces security-focused prototyping as a natural precursor to secure development. Security-focused prototyping embeds security at the beginning of the development process, can be used to discover domain-specific security requirements through active learning, and can help communicate the complexity of secure development to organizations such that the resources and commitment it requires are better understood. A case study considering the application layer of an Internet of Things system is presented and shows that security-focused prototyping has the potential to facilitate further secure development through the achievement of well-established prototyping objectives, such as communication, active learning, and reduced time/costs. Future work could build on this work by conducting additional case studies to further explore the potential of security-focused prototyping and investigating the importance of fidelity with regards to security-focused prototypes.

Original languageEnglish
Title of host publication2022 13th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2022
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages356-361
Number of pages6
ISBN (Electronic)9781665410441
ISBN (Print)9781665410458
DOIs
Publication statusPublished - 6 Oct 2022
Externally publishedYes
Event13th International Symposium on Communication Systems, Networks and Digital Signal Processing - Porto, Portugal
Duration: 20 Jul 202222 Jul 2022
Conference number: 13

Conference

Conference13th International Symposium on Communication Systems, Networks and Digital Signal Processing
Abbreviated titleCSNDSP 2022
Country/TerritoryPortugal
CityPorto
Period20/07/2222/07/22

Cite this