dc.contributor.advisor | Michael A. Cusumano. | en_US |
dc.contributor.author | Zhang, Chang Tony | en_US |
dc.contributor.other | System Design and Management Program. | en_US |
dc.date.accessioned | 2006-12-18T20:40:35Z | |
dc.date.available | 2006-12-18T20:40:35Z | |
dc.date.copyright | 2006 | en_US |
dc.date.issued | 2006 | en_US |
dc.identifier.uri | http://hdl.handle.net/1721.1/35098 | |
dc.description | Thesis (S.M.)--Massachusetts Institute of Technology, System Design and Management Program, 2006. | en_US |
dc.description | Includes bibliographical references (p. 88-92). | en_US |
dc.description.abstract | When people talk about software security, they usually refer to security applications such as antivirus software, firewalls and intrusion detection systems. There is little emphasis on the security of the software itself. Therefore the thesis sets out to investigate whether we can develop secure software in the first place. It starts with a survey of the software security field, including the definition of software security, its current state and the research that has been carried out in this area. Then the development processes of two products known for their security, Microsoft IIS 6.0 and Apache HTTP Web Server, are examined. Although their approaches to tackling security are seemingly quite different, the analysis and comparisons show that they share a common framework for addressing the software security problem: designing security early into the software development lifecycle. In the end the thesis gives recommendations on how to design security into the software development process, based upon the principles from the research and the actual practices from the two cases. Finally it describes other remaining open issues in this field. | en_US |
dc.description.statementofresponsibility | by Chang Tony Zhang. | en_US |
dc.format.extent | 96 p. | en_US |
dc.format.extent | 4555630 bytes | |
dc.format.extent | 4560535 bytes | |
dc.format.mimetype | application/pdf | |
dc.format.mimetype | application/pdf | |
dc.language.iso | eng | en_US |
dc.publisher | Massachusetts Institute of Technology | en_US |
dc.rights | M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. | en_US |
dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | |
dc.subject | System Design and Management Program. | en_US |
dc.title | Designing security into software | en_US |
dc.type | Thesis | en_US |
dc.description.degree | S.M. | en_US |
dc.contributor.department | System Design and Management Program. | en_US |
dc.identifier.oclc | 71341503 | en_US |