
I. INTRODUCTION

Incorporating cybersecurity protections into software applications during development is a complex issue. In the ever-expanding digital age, virtually every aspect of human endeavor relies on secure transactions and operations. However, consideration of cybersecurity issues is often inadequate, leading to problems such as financial losses, data losses, and privacy breaches. From a systems and networking view, enormous efforts have been made to develop tools to combat specific types of cyber-attacks as they appear. However, hackers tend to think differently than developers of applications and are constantly and proactively developing increasingly notorious and creative attack strategies. Such attacks, which plant malicious pieces of code that corrupt the application, steal sensitive customer information, or introduce malware such as viruses, worms and spyware, phishing, extortion schemes, and spam [1], can exploit vulnerabilities introduced at any step of the development process. Software applications that are vulnerable to cyber-attacks can drive potential customers and users of the application away. To gain user trust in purposeful applications, it is important to carry out application development while carefully addressing security issues at each step. Software developers tend to focus on functional requirements, with little emphasis on non-functional requirements, such as security. Some authors report benefits of addressing security measures at the distinct phases of the software development life cycle [2], [3], [4], [5], [6]. Futcher and von Solms proposed guidelines for secure software development [6]. In this paper we provide a survey of literature that is relevant to secure software development practices. Several security issues, concerns, challenges, and solutions at different phases of the software development life cycle, as described in the literature on cybersecurity, are also presented. 
However, the scope of this paper is limited to the Analysis, Design, Implementation, and Testing phases of the Software Development Life Cycle (SDLC). The rest of the paper is organized as follows. Section II describes the characterization of trust in cybersecurity. Section III describes the phases of a typical software development life cycle. Section IV describes the security concerns encountered during the Analysis phase of the Software Development Life Cycle and potential ways to address those concerns. Section V discusses future work and Section VI wraps up the paper with the conclusion.

II. CYBERSECURITY AND TRUST

With technology advancement and mass digitalization of user personal data, establishing user trust has become an important factor in the use of software systems. Most software systems are potentially vulnerable to attacks even if there is strict adherence to leading edge principles of encryption and decryption. Security of software systems is classified into three categories: Confidentiality, Integrity and Availability [7], [8], [1]. These categories are also collectively known as the CIA triad. Confidentiality is defined as “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…” [9]. Integrity is defined as “Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity…” [9]. Availability is defined as “Ensuring timely and reliable access to and use of information…” [9]. Security is often intertwined with trust. In the context of software systems, trust refers to the level of confidence or reliability that a person places in a software system, including the expectations that they have for the software fulfilling its purpose. The software system can consist of multiple elements, including programs, configuration files, and documentation. 
In addition, the concept of trust in the context of cybersecurity includes expectations that people have from all aspects of software development, including requirements, design, platform-specific issues and networks, for which various security practices, processes and technologies are in use. Trust also refers to a relationship that a person forms with software applications that are online or over a network. The trust relationship is betrayed if the user’s expectations from these applications are not met. This raises questions concerning the kinds of expectations that users have with the applications and the factors that diminish trust. One factor arises from any negative risks that are associated with the usage of an application. There are traditional ways of assessing risk in cybersecurity. Oltramari et al. [7] identified endpoint users as key introducers of risk in an application network, since humans, such as software developers, attackers and users of the application, are included as a component of the system. In addition, low-skilled or exhausted software developers tend to increase cybersecurity risk, while users can substantially decrease cybersecurity risks by being aware and attentive to the means of protecting their personal assets from phishing or spam efforts [5]. Again, insiders within an organization are also known to sometimes support and execute malicious attacks for which outsiders have minimal knowledge. As described by Colwill, “A malicious insider has the potential to cause more damage to the organization and has many advantages over an outside attacker” [10]. These human concerns in information and cybersecurity make it important to learn to distinguish between regular users, potential hackers and insiders who can pose a great threat.

Int’l Conf. Software Eng. Research and Practice | SERP’17 | 51. ISBN: 1-60132-468-5, CSREA Press ©
Trust and human factors in cybersecurity are also of great concern in the rapidly expanding area of autonomous systems, many of which utilize advanced methods of artificial intelligence. Examples of autonomous systems include floor cleaning robots, agent software, military and private drones, surgery-performing robots and self-driving cars. Autonomous systems are managed and supervised independently by a single administrator, entity, or organization [11], [12]. Each autonomous system has a unique identifying label that can be used during data packet transfer between two systems [12]. Some autonomous systems can make decisions and perform tasks in unstructured environments with no need for human control or guidance.