ABSTRACT

While security concerns the application artifacts of the system, safety concerns the user. Security aspects form part of the ancillary functionality requirements; software designers therefore need to define these requirements and, using cutting-edge technology, design this functionality to achieve security for the application artifacts. Security is at risk as long as our programs and data travel through a public domain such as the Internet. We need both physical and logical security. Physical security is not in the domain of software designers, as it needs to be provided by the operations people once the software product is put into production. As part of software design for security, we need to design for preventing attacks, handling security incidents, assisting the investigation of an incident so that the culprits can be brought to justice, and improving security to prevent the incident from recurring. We need to design the collection of security data during transaction processing and then design reports that assist in intruder detection and in the post-incident investigation. We also need to design security alerts that detect intruders as soon as they get into our application. Finally, we need to design the implementation of security and of measures that keep users safe from identity theft, financial losses, and loss of vital personal data. This chapter describes all these aspects in detail.