Introduction to the Security Engineering Manifesto

Current practices for developing secure systems are still closer to an art than to an engineering discipline. Security is still treated as an add-on and is therefore not integrated into software development practices and tools. Experienced security artisans remain the key to achieving acceptable levels of security. Several approaches and research strands have tried to address this situation by introducing rigour and engineering approaches into the treatment of security aspects in information systems, mainly focusing on the development phases. Traditionally, the term security engineering has been used to denote partial approaches that cover only small parts of the processes required to create a secure system, such as modelling, verification, programming, etc. Even where an approach is closer to a methodology and has achieved a certain level of maturity, its key concepts and workflows are strongly influenced by the way security had been treated by the security artisans. Consequently, the main books on security engineering in the literature describe isolated techniques and lack a systematic and comprehensive treatment of security that covers the complete system lifecycle. The main drawback of current approaches is that they fail to provide reasonable support for systematic engineering, since the identification, characterisation and specification of the protection goals and the related threats, as well as the selection of appropriate mechanisms and countermeasures, depend on the experience of the engineers. As a result, these approaches represent only minor improvements over the security craftsmanship era. Nevertheless, they have been in use for some time, with uneven results.
The SERENITY Day, S&D4RCES workshops and the Security Engineering Forum kick-off have been a first step to discuss these aspects and have advocated a change of paradigm based on the definition of integrated processes with well-defined goals and interfaces that combine the different techniques, methodologies and tools to support the engineering of secure systems. The goal of the Security Engineering Manifesto is to become the starting point for the definition of such integrated processes and to initiate a movement to transform security craftsmanship into security engineering.