Developing secure software is based on applying the secure software design principles that form the fundamental basis for software assurance. Software assurance has been given many definitions, and it is important to understand the concept. The Software Security Assurance Report [2] defines software assurance as “the basis for gaining justifiable confidence that software will consistently exhibit all properties required to ensure that the software, in operation, will continue to operate dependably despite the presence of sponsored (intentional) faults. In practical terms, such software must be able to resist most attacks, tolerate as many as possible of those attacks it cannot resist, and contain the damage and recover to a normal level of operation as soon as possible after any attacks it is unable to resist or tolerate.”
![](https://codelido.com/assets/files/2022-12-08/1670501263-667660-image.png)
Dependability
Software that executes predictably and operates correctly under a variety of conditions, including when under attack or running on a malicious host.
Trustworthiness
Software that contains a minimum number of vulnerabilities or no vulnerabilities or weaknesses that could sabotage the software’s dependability. It must also be resistant to malicious logic.
Survivability (Resilience)
Software that is resistant to or tolerant of attacks and has the ability to recover as quickly as possible with as little harm as possible.
Confidentiality, Integrity, and Availability
Confidentiality, integrity, and availability are sometimes known as the CIA triad of information system security, and are important pillars of cloud software assurance.
Confidentiality
Confidentiality refers to the prevention of intentional or unintentional unauthorized disclosure of information. Confidentiality in cloud systems is related to the areas of intellectual property rights, covert channels, traffic analysis, encryption, and inference:
1.) Intellectual property rights
2.) Covert channels
3.) Traffic analysis
4.) Encryption
5.) Inference
Integrity
The concept of cloud information integrity requires that the following three principles are met:
1.) Modifications are not made to data by unauthorized personnel or processes.
2.) Unauthorized modifications are not made to data by authorized personnel or processes.
3.) The data is internally and externally consistent; in other words, the internal information is consistent both among all sub-entities and with the real-world, external situation.
Availability
Availability ensures the reliable and timely access to cloud data or cloud computing resources by the appropriate personnel. Availability guarantees that the systems are functioning properly when needed. In addition, this concept guarantees that the security services of the cloud system are in working order.
A denial-of-service attack is an example of a threat against availability.