Assessing security properties of software components: A software engineer's perspective

Proceedings of the Australian Software Engineering Conference, ASWEC

Volumn 2006, Issue , 2006, Pages 199-208

  Khan, Khaled M ^a   Han, Jun ^b  

^a UNIVERSITY OF WESTERN SYDNEY   (Australia)

^b SWINBURNE UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

[No Author keywords available]

Indexed keywords

CODES (SYMBOLS); COMPUTER SOFTWARE; MATHEMATICAL MODELS; MULTI AGENT SYSTEMS; SOFTWARE ENGINEERING; STANDARDIZATION;

INFORMATION TECHNOLOGY SECURITY EVALUATION; ISO/IEC 15408; MULTI-ELEMENT COMPONENT COMPARISON AND ANALYSIS (MECCA) MODEL; SOFTWARE COMPONENTS;

SECURITY SYSTEMS;

EID: 33750130329     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ASWEC.2006.13     Document Type: Conference Paper

References (10)

1. Bass, L., Clements, P., Kazman, R.: Software Architecture in Practice. Addison-Wesley, Boston, 2003.
2. Berinato, S., "A Few Good Metrics", CIO-Asia Magazine, September 2005.
3. Foundstone, "Information Security Metrics", White paper, Foundstone Strategic Security, April 2003.
4. Glib, T.: Software Metrics, Cambridge MA, Winthrop, 1977.
5. Howard, M., Pincus, J., Wing, J., "Measuring Relative Attack Surfaces", Chapter 8, in Computer Security in the 21st Century, Springer-Verlag, 2005, pp. 109-137.
6. ISO/IEC 15408. Common Criteria for Information Technology Security Evaluation. NIST, USA, http://csrc.nist.gov/cc/, June 1999.
7. Khan, K., Han, J., "A Security Characterisation Framework for Trustworthy Component Based Software Systems", Proceedings of the COMPSAC'03, IEEE Computer Society, 2003, pp. 164-169.
8. Khan, K. M., Ramakrishnan, M.K., Lo, B., "Assessment Model for Software maintenance Tools: A Conceptual Framework" Proceedings of PACIS Pasific Asia conference on Information systems, QUT, Brisbane, 1997, pp. 527-536.
9. Payne, S., "A Guide to Security Metrics", SANS Institute 2002.
10. Swanson, M., Bartol, N., Sabato, J., Hash, J., Graffo, L., "Security Metrics Guide for Information Technology Systems", National Institute of Standard and Technology (NIST) Special Publication 800-55, July 2003.