Using security patterns to combine security metrics

ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings

Volumn , Issue , 2008, Pages 1156-1163

  Heyman, Thomas ^a   Scandariato, Riccardo ^a   Huygens, Christophe ^a   Joosen, Wouter ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATIONS.; INTERNATIONAL CONFERENCES; SECURITY METRICS; SECURITY OBJECTIVES; SECURITY PATTERNS;

AGGLOMERATION;

EID: 49049102759     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2008.54     Document Type: Conference Paper

References (18)

1. G. McGraw, Software Security: Building Security In. Addison Wesley Professional, 2006.
2. "The OWASP CLASP Project." http://www.owasp.org/.
3. A. Jaquith, Security metrics: replacing fear, uncertainty, and doubt. Addison-Wesley, 2007.
4. T. Heyman and C. Huygens, "Software security patterns and risk." First Workshop on Security Metrics, MetriCon 1.0, Vancouver, BC, Canada, August 1, 2006, USENIX, 2006.
5. R. Scandariato, B. D. Win, and W. Joosen, "Towards a measuring framework for security properties of software," in Second Workshop on Quality of Protection, 2006.
6. E. Gamma, R. Helm, R. Johnson, and J. M. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software. Addison Wesley Professional, 1994.
7. C. Steel, R. Nagappan, and R. Lai, Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management. Prentice Hall Ptr, 2005.
8. M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Buschmann, and P. Sommerlad, Security Patterns. Wiley, 2006.
9. K. Yskout, T. Heyman, R. Scandariato, and W. Joosen, "An inventory of security patterns," Tech. Rep. CW-469, Katholieke Universiteit Leuven, Department of Computer Science, 2006.
10. M. Weiss, Modelling Security Patterns Using NFR Analysis. 2007.
11. V. R. Basili, G. Caldiera, and H. D. Rombach, "The goal question metric approach," 1994.
12. L. Chung, B. A. Nixon, E. Yu, and J. Mylopoulos, Non-functional Requirements in Software Engineering. Kluwer, 2000.
13. N. E. Fenton and S. L. Pfleeger, Software Metrics: A Rigorous and Practical Approach. Boston, MA, USA: PWS Publishing Co., 1998.
14. G. Peterson, "A metrics framework to drive application security improvement," 2007.
15. ClearPoint Metrics, "Security metrics management: metrics that matter," 2006.
16. P. Manadhata, J. Wing, M. Flynn, and M. McQueen, "Measuring the attack surfaces of two ftp daemons," in Second Workshop on Quality of Protection, 2006.
17. J. McCurley, D. Zubrow, and C. Dekkers, "Measures and measurement for secure software development." https://buildsecurityin.us-cert.gov/, 2007.
18. M. Y. Chen, E. Kiciman, E. Fratkin, A. Fox, and E. Brewer, "Pinpoint: problem determination in large, dynamic internet services," Proceedings of the International Conference on Dependable Systems and Networks, pp. 595-604, 2002.