IJCSNS International Journal of Computer Science and Network Security, VOL.8 No.11, November 2008 393

Manuscript received November 5, 2008
Manuscript revised November 20, 2008

Support Vector Machine based, project simulation with focus on Security in software development
Introducing Safe Software Development Life Cycle (SSDLC) model

Preeti Mulay, Bharati Vidyapeeth University, Pune
Dr. Parag Kulkarni, Capsilon, Pune

Summary

Our proposed methodology introduces new concepts in the area of security. The methodology also focuses on classification using SVM principles and on estimating the complete details of the SSDLC. This way the whole team sees a complete simulation in advance, before the project even begins. Because every phase of the SSDLC handles security aspects, the software application developed will be more efficient and effective. This way of developing software will reduce dependency on the security team. Following the proposed SSDLC model will empower the software development team and increase their confidence levels, thereby decreasing stress and leading to better, timely output.

The proposed chain structure of passphrases is another authentication technique, more suitable than a single passphrase or a password. Use of the suggested “Hinglish” is also the most suitable practice to follow, at least in a country like India. Other countries may follow a similar concept. Such a combination of languages will be difficult for a hacker to hack.

Introduction of “Safe Cases” is one more positive way of looking at things. Developing “Safe Cases” will require an expert to understand the client’s complete network, topology, systems, etc. in detail. Based on this information and updated details about hacking, experts should develop cases to secure the client’s application, data and network.

Keywords: Security, SVM, SDLC, cluster, simulate, life cycle, software development

Abstract

Safety or security is one of the important requirements of the software development industry.
To implement safety at the development level and produce a trustworthy application, the proposed Safe Software Development Life Cycle (SSDLC) model is important. This is feasible when the developers themselves implement safety at every phase of the SSDLC, without waiting for the security team to implement or insert the required items later. In our research work, after collecting the complete information for a new software project, it is feasible to apply Support Vector Machine (SVM) principles to classify the available data and then simulate the new project in front of the whole team. One of the ways to classify using SVM is given in the coming sections. Our research includes using SVM principles to classify available data with a special focus on security aspects, simulating new project details (estimation), forming new clusters if required, and reusing available classes, objects, documents, use cases, etc. This classification of data and information can help us identify the points of vulnerability. This paper also suggests better ways to achieve security in software development based on pattern classification. This security includes system security, application security and network security.

Related work

On the AppLabs website, the authors mention that "There is a world of difference between feeling secure and being secure", which is a reality in software application development. As Gary McGraw mentions in his book Software Security [5], network security, system security, application security, etc. are all important aspects of security. We also need to understand privacy of data, organizations and individuals as another feather attached to security, as given in IEEE Security and Privacy [6]. It has been estimated that it is about 200 times more expensive to fix a problem when an IT system is in production than to fix it at the requirements analysis [1] step during development.
The factor falls to about 4 for small IT projects but can exceed 500 for very large projects. Even if these figures are only vaguely close to the truth [9], the implications for quality assurance processes in IT development are crystal clear, as are the benefits of splitting massive projects into discrete sub-projects. [7]. According to a Gartner report, 75% of attacks today occur at the application level. A Forrester survey states that “people are now attacking through applications, because it’s easier than through the network layer.” To identify, analyze and report vulnerabilities in a given application, a comprehensive risk assessment solution is a must. [12].

I feel every client who wishes to get a software application developed by an organization needs to have a clear picture of all security concerns. The client should be able to provide security details to the development team. Once these details are available (referring to a new software project), simulating the complete project by following classification and forecasting (based on available historical data) will be easy. That’s the goal of this paper.