Security-Focused Prototyping: A Natural Precursor to Secure Development

Sam Attwood; Nana Onumah; Katie Paxton-Fear; Rupak Kharel

doi:10.1109/CSNDSP54353.2022.9907931

Security-Focused Prototyping: A Natural Precursor to Secure Development

Sam Attwood, Nana Onumah, Katie Paxton-Fear, Rupak Kharel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Citations (Scopus)

Abstract

Secure development is often thought of as a proactive approach to cyber security. Rather than building a technological solution and then securing it in retrospect, secure development strives to embed good security practices throughout the development process and reduce risk. Unfortunately, evidence suggests secure development is complex, costly, and limited in practice. This article therefore introduces security-focused prototyping as a natural precursor to secure development. Security-focused prototyping embeds security at the beginning of the development process, can be used to discover domain-specific security requirements through active learning, and can help communicate the complexity of secure development to organizations such that the resources and commitment it requires are better understood. A case study considering the application layer of an Internet of Things system is presented and shows that security-focused prototyping has the potential to facilitate further secure development through the achievement of well-established prototyping objectives, such as communication, active learning, and reduced time/costs. Future work could build on this work by conducting additional case studies to further explore the potential of security-focused prototyping and investigating the importance of fidelity with regards to security-focused prototypes.

Original language	English
Title of host publication	2022 13th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2022
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	356-361
Number of pages	6
ISBN (Electronic)	9781665410441
ISBN (Print)	9781665410458
DOIs	https://doi.org/10.1109/CSNDSP54353.2022.9907931
Publication status	Published - 6 Oct 2022
Externally published	Yes
Event	13th International Symposium on Communication Systems, Networks and Digital Signal Processing - Porto, Portugal Duration: 20 Jul 2022 → 22 Jul 2022 Conference number: 13

Conference

Conference	13th International Symposium on Communication Systems, Networks and Digital Signal Processing
Abbreviated title	CSNDSP 2022
Country/Territory	Portugal
City	Porto
Period	20/07/22 → 22/07/22

Access to Document

10.1109/CSNDSP54353.2022.9907931Licence: Unspecified

Cite this

Attwood, S., Onumah, N., Paxton-Fear, K., & Kharel, R. (2022). Security-Focused Prototyping: A Natural Precursor to Secure Development. In 2022 13th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2022 (pp. 356-361). [9907931] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CSNDSP54353.2022.9907931

@inproceedings{fe8568c769a24bec9f0452c86db1fdc3,

title = "Security-Focused Prototyping: A Natural Precursor to Secure Development",

abstract = "Secure development is often thought of as a proactive approach to cyber security. Rather than building a technological solution and then securing it in retrospect, secure development strives to embed good security practices throughout the development process and reduce risk. Unfortunately, evidence suggests secure development is complex, costly, and limited in practice. This article therefore introduces security-focused prototyping as a natural precursor to secure development. Security-focused prototyping embeds security at the beginning of the development process, can be used to discover domain-specific security requirements through active learning, and can help communicate the complexity of secure development to organizations such that the resources and commitment it requires are better understood. A case study considering the application layer of an Internet of Things system is presented and shows that security-focused prototyping has the potential to facilitate further secure development through the achievement of well-established prototyping objectives, such as communication, active learning, and reduced time/costs. Future work could build on this work by conducting additional case studies to further explore the potential of security-focused prototyping and investigating the importance of fidelity with regards to security-focused prototypes.",

keywords = "cyber security, internet of things, prototyping, secure development, software development, software security",

author = "Sam Attwood and Nana Onumah and Katie Paxton-Fear and Rupak Kharel",

note = "Funding Information: This is a direct result of working on the ERDF Greater Manchester Cyber Foundry which is part funded by the European Regional Development Fund. Publisher Copyright: {\textcopyright} 2022 IEEE.; 13th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2022 ; Conference date: 20-07-2022 Through 22-07-2022",

year = "2022",

month = oct,

day = "6",

doi = "10.1109/CSNDSP54353.2022.9907931",

language = "English",

isbn = "9781665410458",

pages = "356--361",

booktitle = "2022 13th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2022",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

}

Attwood, S, Onumah, N, Paxton-Fear, K & Kharel, R 2022, Security-Focused Prototyping: A Natural Precursor to Secure Development. in 2022 13th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2022., 9907931, Institute of Electrical and Electronics Engineers Inc., pp. 356-361, 13th International Symposium on Communication Systems, Networks and Digital Signal Processing, Porto, Portugal, 20/07/22. https://doi.org/10.1109/CSNDSP54353.2022.9907931

Security-Focused Prototyping : A Natural Precursor to Secure Development. / Attwood, Sam; Onumah, Nana; Paxton-Fear, Katie et al.

2022 13th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2022. Institute of Electrical and Electronics Engineers Inc., 2022. p. 356-361 9907931.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Security-Focused Prototyping

T2 - 13th International Symposium on Communication Systems, Networks and Digital Signal Processing

AU - Attwood, Sam

AU - Onumah, Nana

AU - Paxton-Fear, Katie

AU - Kharel, Rupak

N1 - Conference code: 13

PY - 2022/10/6

Y1 - 2022/10/6

N2 - Secure development is often thought of as a proactive approach to cyber security. Rather than building a technological solution and then securing it in retrospect, secure development strives to embed good security practices throughout the development process and reduce risk. Unfortunately, evidence suggests secure development is complex, costly, and limited in practice. This article therefore introduces security-focused prototyping as a natural precursor to secure development. Security-focused prototyping embeds security at the beginning of the development process, can be used to discover domain-specific security requirements through active learning, and can help communicate the complexity of secure development to organizations such that the resources and commitment it requires are better understood. A case study considering the application layer of an Internet of Things system is presented and shows that security-focused prototyping has the potential to facilitate further secure development through the achievement of well-established prototyping objectives, such as communication, active learning, and reduced time/costs. Future work could build on this work by conducting additional case studies to further explore the potential of security-focused prototyping and investigating the importance of fidelity with regards to security-focused prototypes.

AB - Secure development is often thought of as a proactive approach to cyber security. Rather than building a technological solution and then securing it in retrospect, secure development strives to embed good security practices throughout the development process and reduce risk. Unfortunately, evidence suggests secure development is complex, costly, and limited in practice. This article therefore introduces security-focused prototyping as a natural precursor to secure development. Security-focused prototyping embeds security at the beginning of the development process, can be used to discover domain-specific security requirements through active learning, and can help communicate the complexity of secure development to organizations such that the resources and commitment it requires are better understood. A case study considering the application layer of an Internet of Things system is presented and shows that security-focused prototyping has the potential to facilitate further secure development through the achievement of well-established prototyping objectives, such as communication, active learning, and reduced time/costs. Future work could build on this work by conducting additional case studies to further explore the potential of security-focused prototyping and investigating the importance of fidelity with regards to security-focused prototypes.

KW - cyber security

KW - internet of things

KW - prototyping

KW - secure development

KW - software development

KW - software security

UR - http://www.scopus.com/inward/record.url?scp=85140435270&partnerID=8YFLogxK

U2 - 10.1109/CSNDSP54353.2022.9907931

DO - 10.1109/CSNDSP54353.2022.9907931

M3 - Conference contribution

AN - SCOPUS:85140435270

SN - 9781665410458

SP - 356

EP - 361

BT - 2022 13th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2022

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 20 July 2022 through 22 July 2022

ER -

Security-Focused Prototyping: A Natural Precursor to Secure Development

Abstract

Conference

Access to Document

Other files and links

Cite this