Security metrics for source code structures
Source: Proceedings of the fourth international workshop on Software engineering for secure systems, International Conference on Software Engineering archive
Leipzig, Germany
Pages 57-64
Year of Publication: 2008
ISBN: 978-1-60558-042-5
Authors
Istehad Chowdhury, Queen's University, Kingston, Ontario, Canada
Brian Chan, Queen's University, Kingston, Ontario, Canada
Mohammad Zulkernine, Queen's University, Kingston, Ontario, Canada
Sponsors
ACM: Association for Computing Machinery
SIGSOFT: ACM Special Interest Group on Software Engineering
Publisher
ACM, New York, NY, USA
DOI: http://doi.acm.org/10.1145/1370905.1370913
ABSTRACT

Software security metrics are measurements that assess security-related imperfections (or perfections) introduced during software development. A number of security metrics have been proposed, but not all perspectives of a software system have received specific attention. Most security metrics evaluate software from a system-level perspective; it can also be useful to analyze defects at a lower level, i.e., at the source code level. To address this gap, we propose code-level security metrics that indicate the level of security of a code segment. We provide guidelines on where and how these metrics can be used to improve source code structures, and we conduct two case studies to demonstrate the applicability of the proposed metrics.

