Score
Applying proven security controls and processes across design, development, and operations to reduce risk; doing this involves implementing least privilege and defense-in-depth, input validation and output encoding, encryption in transit and at rest, secrets management (Vault, KMS), dependency scanning, secure coding standards, patching, threat modeling and incident response planning.
High-level security properties (e.g., confidentiality, integrity) in the Software Development Life Cycle (SDLC) lack systematic refinement mechanisms, leading to semantic disconnects between these properties and concrete artifacts such as threats, defenses, and assets. Method: We propose the first SDLC-wide security property refinement taxonomy, implemented as a formal, refinable, verifiable, and traceable classification framework in Event-B. The framework integrates principles from security engineering and adaptive systems theory. Contribution: It bridges the semantic gap between high-level security objectives and mid-to-low-level security models, enabling co-evolution of security properties with threat and defense models. Rigorously verified in Event-B, the framework ensures logical consistency and correctness. It provides both theoretically sound foundations and practically actionable guidance for security requirements–driven system development.
In software development, selecting appropriate security features is challenging due to ambiguous standards, framework-specific vulnerabilities, and the absence of traceable, implementation-level security feature identifiers. Method: This paper proposes a fine-grained, implementation-oriented security feature taxonomy comprising 68 extensible characteristics; establishes systematic mappings between these features and major security standards (e.g., ISO/IEC 27001, NIST SP 800-53); and conducts reverse-engineering–driven, source-code–based feature modeling to empirically assess the support coverage of 21 widely adopted frameworks (e.g., Spring Security, OAuth 2.0). Contribution/Results: We present the first three-layer alignment—across security standards, framework capabilities, and source-code–level features—enabling precise security feature selection, implementation-level traceability, and long-term compliance auditing. The resulting taxonomy provides a structured semantic foundation and end-to-end traceability for secure software engineering.
Existing vulnerability management approaches lack systematic reasoning capabilities for the vulnerability posture during system design, hindering proactive security control design. This paper introduces the first automated vulnerability reasoning mechanism tailored for the design phase, leveraging formal modeling and automated reasoning to support end-to-end vulnerability identification, mitigation option generation, and security control specification. The mechanism is deeply integrated into an open-source security design tool and validated in real-world industrial settings: it accurately identifies applicable vulnerabilities and significantly improves both the accuracy and efficiency of security control design, thereby shifting vulnerability management from reactive response to design-driven assurance. Its core contribution lies in establishing verifiable, formal relationships among design artifacts, vulnerabilities, and security controls—addressing a critical gap in automation-enabled security left-shifting.
To address the challenges of complex security control configuration, difficult policy enforcement, and delayed response in networked systems, this paper proposes a Security Capability Model (SCM). The SCM establishes, for the first time, a computable abstract framework integrating information and data models, formally specifying rule semantics, policy parsing mechanisms, and data representations for filtering- and channel-protection–based controls. Leveraging UML/SysML modeling, Model-Driven Engineering (MDE), and a multi-granularity security control description language, the approach enables automated policy refinement, cross-heterogeneous-device (e.g., firewalls, encrypted gateways) configuration generation, and event-driven response. Experimental evaluation demonstrates a threefold improvement in policy deployment timeliness and a 40% increase in configuration accuracy, thereby filling a critical gap in the formal foundations for automated security policy enforcement.
To address the challenges of identifying static security vulnerabilities in proprietary and open-source software, unclear vulnerability remediation priorities, and escalating software supply chain risks, this paper proposes an end-to-end, customizable Static Application Security Testing (SAST) workflow. The workflow enables multi-tool orchestration, iterative scanning, and seamless DevSecOps integration, incorporating AI-driven vulnerability prioritization and automated remediation governance as key innovations. Leveraging a generalized process design with environment-adaptive configuration, it significantly improves detection coverage and remediation efficiency. Experimental evaluation in industrial settings demonstrates that the approach reduces source-code-level vulnerabilities by 32.7%, mitigates third-party component–introduced risks by 41.5%, and ensures backward compatibility with legacy systems while supporting scalable deployment across heterogeneous environments.
This study addresses the automated selection of an optimal subset of security controls from large, standardized control catalogs (e.g., ITSG-33) under budget constraints, inter-control dependencies, and heterogeneous effectiveness. Method: We propose the first approach that algebraically models control dependencies within a zero-sum game framework, formalizing attacker–defender interaction as a single two-player zero-sum game to enable scalable, interpretable, and catalog-aware control selection. Contribution/Results: A Python-based prototype tool was developed and evaluated on a Canadian military system case study. Results demonstrate significant improvements in security objective attainment and budget utilization efficiency, while providing actionable, auditable decision support for critical information infrastructure protection.
Energy-sector industrial control systems (ICS) exhibit insufficient security resilience and overreliance on reactive, post-incident remediation. Method: This paper proposes a layered, implementable Security-by-Design (SbD) framework and a deployable set of security requirements tailored to critical infrastructure. Integrating systems engineering, ICS-specific security architecture, organizational behavior principles, and continuous monitoring, the approach spans the entire lifecycle—design, development, deployment, and operations—while ensuring alignment with IEC 62443 and NIST SP 800-82. Contribution/Results: It represents the first systematic, end-to-end operationalization of SbD in energy ICS contexts, enabling a paradigm shift from passive incident response to inherent, “native immunity.” The resulting scalable, auditable, and standards-coordinated SbD implementation guide supports the development of high-assurance, resilient, and sustainably evolvable cybersecurity ecosystems.
A structural tension exists between DevOps agility and security compliance requirements—particularly IEC 62443-4-1—in critical infrastructure domains. Method: This study proposes and empirically validates RefA, a security-compliance-adapted DevOps lifecycle framework. RefA introduces actionable, non-security-expert-oriented processes via standardized security activity integration, cross-functional knowledge transfer mechanisms, and organizational change support. It employs IEC 62443-4-1–driven process modeling, longitudinal empirical research, and industrial-grade DevOps adaptation techniques, validated across multiple phases at Siemens AG. Contribution/Results: RefA demonstrably enhances product teams’ autonomous capability to implement compliant DevOps practices, strengthens security-by-design maturity, and improves delivery efficiency—thereby systematically bridging the agility–compliance gap in safety-critical contexts.
This paper addresses the problem of enforcing language-level safety supervision over unsafe processes under partial observability—where both system behavior and attacker strategies are incompletely known—and seeks to guarantee safety specifications via selective action disabling or timed action injection. Methodologically, it innovatively integrates algebraic language theory with discrete-event system modeling to propose, for the first time, a time-aware supervisory framework supporting dynamic safety correction. The paper establishes necessary and sufficient conditions for supervisor existence, rigorously characterizing its controllability, nonblockingness, and minimal intervention properties. It further proves that language-inclusion-based safety can be guaranteed even under partial observability. These results provide a formal foundation and constructive methodology for real-time safety control in resource-constrained and information-poor environments.
This paper addresses the insufficient identification and mitigation of software supply chain security risks throughout the CI/CD pipeline lifecycle. We propose a structured threat modeling methodology grounded in the STRIDE framework, applied incrementally across core infrastructure components—including GitHub, Jenkins, Docker, and Kubernetes—to cover all phases from source code management to production deployment. A novel integration of STRIDE with the SLSA maturity model enables quantitative assessment of how specific security controls elevate SLSA compliance levels. By unifying Security as Code principles with the “Shift Left–Shield Right” paradigm, our approach realizes threat-driven, automated security enforcement. The outcomes include a structured threat–control mapping matrix and an actionable CI/CD security hardening roadmap, directly supporting DevSecOps adoption and progressive SLSA compliance advancement.
Container technologies are widely adopted, yet their full lifecycle entails significant security risks; existing software engineering literature lacks systematic, empirically grounded integration of container security knowledge. To address this gap, we conducted a systematic mapping study (SMS) complemented by bibliometric analysis and thematic coding across 129 empirical studies. Our work introduces the first structured, evidence-based taxonomy of security risks for containerized systems—identifying 23 core risk categories and vulnerabilities, explicating their root causes and impacts, and synthesizing reusable mitigation strategies. Additionally, we catalog 47 security practices and tools. The taxonomy enables cross-phase risk mapping—from development through deployment—and integrates fragmented knowledge into a coherent framework. It establishes a theoretical benchmark for container security research and delivers actionable, engineering-oriented guidance for practitioners.
This study addresses the ambiguity in recognizing security debt (SD), fragmented management practices, and insufficient cross-role communication—challenges exacerbated by delivery pressure and resource constraints in software development. Through semi-structured interviews with 22 practitioners from diverse countries and roles (development, security, operations), complemented by qualitative analysis grounded in both software engineering (SE) and information security (InfoSec) perspectives, the research systematically identifies SD root causes, propagation pathways, and trade-off mechanisms. It is the first to empirically reveal significant inter-role discrepancies in security risk perception, priority assessment, and tool adoption. The study proposes an integrated framework embedding the CIA triad (Confidentiality, Integrity, Availability) into each phase of the software development lifecycle (SDLC). Findings validate the necessity of enforcing consistent security policies, dynamically balancing resources, and enabling cross-level risk communication—providing empirical foundations and actionable pathways for systemic SD governance.