{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T15:15:26Z","timestamp":1781104526152,"version":"3.54.1"},"reference-count":45,"publisher":"IGI Global Scientific Publishing","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,7]]},"abstract":"<jats:p>This work suggests a multilevel support to software developers, who often lack knowledge and skills on how to proceed to develop secure software. In fact, developing software with such quality is a hard and complex task that involves many additional security-dedicated activities which are usually omitted in traditional software development lifecycles or integrated but not efficiently and appropriately deployed in some others. To federate all these software security-assurance activities in a structured way and provide the required guidelines for choosing and using them in a flexible development process, authors used meta-modeling techniques and dynamic process execution that consider developer's affinities and product's states. The proposed approach formalizes existing secure software development processes, allows integration of new ones, prevents ad-hoc executions and is supported by a tool to facilitate its deployment. A case study is given here to exemplify the proposed approach application and to illustrate some of its advantages.<\/jats:p>","DOI":"10.4018\/ijsse.2014070104","type":"journal-article","created":{"date-parts":[[2014,11,6]],"date-time":"2014-11-06T09:18:04Z","timestamp":1415265484000},"page":"56-74","source":"Crossref","is-referenced-by-count":4,"title":["Meta-Modeling Based Secure Software Development Processes"],"prefix":"10.4018","volume":"5","author":[{"given":"Mehrez","family":"Essafi","sequence":"first","affiliation":[{"name":"RIADI Laboratory, National School for Computer Science Studies, University of Manouba, Tunis, Tunisia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Henda","family":"Ben Ghezala","sequence":"additional","affiliation":[{"name":"RIADI Laboratory, National School for Computer Science Studies, University of Manouba, Tunis, Tunisia"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"2432","reference":[{"key":"ijsse.2014070104-0","doi-asserted-by":"crossref","unstructured":"Alkussayer, A., & Allen, W. H. (2010). The ISDF Framework: Towards Secure Software Development. Journal: Journal of Information Processing Systems - JIPS, 6(1), 91-106. Retrieved from http:\/\/jips-k.org\/dlibrary\/JIPS_v06_no1_paper08.pdf","DOI":"10.3745\/JIPS.2010.6.1.091"},{"key":"ijsse.2014070104-1","author":"J. H.Allen","year":"2008","journal-title":"Software security engineering: A guide for project managers"},{"key":"ijsse.2014070104-2","author":"E. G.Amoroso","year":"1994","journal-title":"Fundamentals of computer security technology"},{"key":"ijsse.2014070104-3","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.103"},{"key":"ijsse.2014070104-4","unstructured":"Carnegie Mellon University (2012, July 31). SQUARE. Retrieved November 17, 2013, from http:\/\/www.cert.org\/sse\/square.html"},{"key":"ijsse.2014070104-5","unstructured":"Common Criteria: New CC Portal. (2012, September 1). Retrieved November 17, 2013, from http:\/\/www.commoncriteriaportal.org"},{"key":"ijsse.2014070104-6","unstructured":"ComScore Inc. (2013, July). 2013 trustworthy computing survey, part 2: Less than half of developers use a security application process. Computing Usage and Attitudes among IT Professionals. Retrieved from http:\/\/www.cdmn.ca\/wp-content\/uploads\/2013\/09\/TiC-Dev-July-2013.pdf"},{"key":"ijsse.2014070104-7","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2007.477"},{"key":"ijsse.2014070104-8","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2008.42"},{"key":"ijsse.2014070104-9","doi-asserted-by":"crossref","unstructured":"DeWin, B., Scandariato, R., Buyens, K., Gr\u00e9goire, J., & Joosen, W. (2009). On the secure software development process: CLASP, SDL and Touchpoints compared. Journal Information and Software Technology archive, 51(7), 1152-1171.","DOI":"10.1016\/j.infsof.2008.01.010"},{"key":"ijsse.2014070104-10","unstructured":"Essafi, M., Labed, L., & Ben Ghezala, H. (2007). Sandro Morasca (Chair). S2d-ProM: A strategy oriented process model for secure software development. In Proceedings of The Second International Conference on Software Engineering Advances (pp. 24-29). doi: http:\/\/doi.ieeecomputersociety.org\/10.1109\/ICSEA.2007.59"},{"key":"ijsse.2014070104-11","doi-asserted-by":"publisher","DOI":"10.1109\/SECUREWARE.2007.4385331"},{"key":"ijsse.2014070104-12"},{"key":"ijsse.2014070104-13","doi-asserted-by":"crossref","DOI":"10.21236\/ADA421683","author":"D. G.Firesmith","year":"2003","journal-title":"Common Concepts Underlying Safety, Security, and Survivability Engineering, (CMU\/SEI-2003-TN-033)"},{"key":"ijsse.2014070104-14","doi-asserted-by":"publisher","DOI":"10.1504\/IJESDF.2007.013589"},{"key":"ijsse.2014070104-15","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-73269-5_6"},{"key":"ijsse.2014070104-16","doi-asserted-by":"publisher","DOI":"10.1109\/SEW.2003.1270744"},{"key":"ijsse.2014070104-17","doi-asserted-by":"publisher","DOI":"10.2514\/3.58398"},{"key":"ijsse.2014070104-18","unstructured":"Goertzel, K. M., & Hamilton, B. A. (2013). A Twenty-FiveYear Perspective. The journal of Defence Software Engineering, 26(4), 8-15. Retrieved from http:\/\/www.academia.edu\/4105415\/A_Twenty-Five_Year_Perspective_on_Software_Assurance"},{"key":"ijsse.2014070104-19","unstructured":"Hadawi, M. A. (2007, December). Vulnerability prevention in software development process. The 10th international conference on computer & information technology (iccit\u201907), Dhaka, Bangladesh."},{"key":"ijsse.2014070104-20","doi-asserted-by":"publisher","DOI":"10.1145\/1558607.1558645"},{"key":"ijsse.2014070104-21","doi-asserted-by":"publisher","DOI":"10.1080\/19393550802623206"},{"key":"ijsse.2014070104-22","author":"M.Howard","year":"2006","journal-title":"The security development lifecycle: SDL, a process for developing demonstrably more secure software"},{"key":"ijsse.2014070104-23","unstructured":"Hussain, S., Rasool, G., Atef, M., & Shahid, A. K. (2013). A review of approaches to model security into software systems. Journal of Basic and Applied Scientific Research, 3(4), 642-647. Retrieved from http:\/\/www.textroad.com\/pdf\/JBASR\/J. Basic. Appl. Sci. Res., 3(4)642-647, 2013.pdf"},{"key":"ijsse.2014070104-24","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45800-X_32"},{"key":"ijsse.2014070104-25","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2009.206"},{"key":"ijsse.2014070104-26","doi-asserted-by":"publisher","DOI":"10.1145\/366173.366183"},{"key":"ijsse.2014070104-27","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2004.1281254"},{"key":"ijsse.2014070104-28","author":"G.McGraw","year":"2006","journal-title":"Software security: Building security in"},{"key":"ijsse.2014070104-29","author":"N. R.Mead","year":"2000","journal-title":"Survivable Network Analysis Method (CMU\/SEI-2000-TR-013)"},{"key":"ijsse.2014070104-30","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-59904-937-3.ch014"},{"key":"ijsse.2014070104-31","unstructured":"OWASP Foundation Inc. (2001). OWASP. Retrieved March 9, 2014, from https:\/\/www.owasp.org\/"},{"key":"ijsse.2014070104-32","unstructured":"Ralyt\u00e9, J. (2001). Ing\u00e9nierie des m\u00e9thodes \u00e0 base de composants. (Doctoral dissertation, Universit\u00e9 PARIS 1 \u2013 Sorbonne, PARIS, France) Retrieved from http:\/\/cui.unige.ch\/~ralyte\/publications\/These-JolitaRalyte.pdf"},{"key":"ijsse.2014070104-33","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0054216"},{"key":"ijsse.2014070104-34","doi-asserted-by":"publisher","DOI":"10.1007\/s007660050018"},{"key":"ijsse.2014070104-35","unstructured":"Schneier, B. (1999). Attack Trees. Dr. Dobb's Journal, 24(12), 21-29. Retrieved from https:\/\/www.schneier.com\/paper-attacktrees-ddj-ft.html"},{"key":"ijsse.2014070104-36","doi-asserted-by":"publisher","DOI":"10.1007\/s10270-010-0154-z"},{"key":"ijsse.2014070104-37","doi-asserted-by":"publisher","DOI":"10.1109\/TOOLS.2000.891363"},{"key":"ijsse.2014070104-38","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-009-0091-y"},{"key":"ijsse.2014070104-39","doi-asserted-by":"crossref","unstructured":"Sodiya, A. S., Onashoga, S. A., & Ajayi, O. B. (2006). Towards building secure software systems. Issues in Informing Science and Information Technology, 3, 635-646. doi: 10.1.1.97.5290","DOI":"10.28945\/920"},{"key":"ijsse.2014070104-40","author":"K.Sohr","year":"2005","journal-title":"Articulating and Enforcing Authorisation Policies with UML and OCL. Software Engineering for Secure System-Building Trustworthy Applications (SESS\u201905)"},{"key":"ijsse.2014070104-41","unstructured":"Srivatanakul, T. (2005). Security Analysis with Deviational Techniques. PhD thesis in Computer Science, University of York."},{"key":"ijsse.2014070104-42","unstructured":"Srivatanakul, T., Clark, J. A., & Polack, F. (2005). Anton Annie (Chair). Stressing Security Requirements: Exploiting the Flaw Hypothesis Method with Deviational Techniques. SREIS 2005, Symposium on Requirements Engineering for Information Security, in conjunction with RE 05 - 13th IEEE International Requirements Engineering Conference, Paris. doi: 10.1.1.146.1090"},{"key":"ijsse.2014070104-43","author":"H.Terkelsen","year":"2006","journal-title":"Data collection on security flaws caused by design errors. doctoral dissertation"},{"key":"ijsse.2014070104-44","author":"J.Viega","year":"2001","journal-title":"Building secure software: How to avoid security problems the right way"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=118148","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,11,20]],"date-time":"2018-11-20T21:40:19Z","timestamp":1542750019000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/ijsse.2014070104"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2014,7]]},"references-count":45,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.4018\/ijsse.2014070104","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,7]]}}}