Security metrics for source code structures

Proceedings - International Conference on Software Engineering

Volumn , Issue , 2008, Pages 57-64

  Chowdhury, Istehad ^a   Chan, Brian ^a   Zulkernine, Mohammad ^a  

^a QUEEN S UNIVERSITY   (Canada)

Author keywords

Code quality and security; Metrics; Security metrics

Indexed keywords

COBALT; SOFTWARE ENGINEERING; TECHNICAL PRESENTATIONS;

CASE STUDIES; CODE QUALITY AND SECURITY; CODE SEGMENTS; METRICS; SECURITY METRICS; SOFTWARE DEVELOPMENTS; SOFTWARE SECURITIES; SOFTWARE SYSTEMS; SOURCE CODES;

CODES (SYMBOLS);

EID: 57049185862     PISSN: 02705257     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1370905.1370913     Document Type: Conference Paper

References (15)

1. Adams, C. and Jourdan, G.V. 2005. Why Good Software Engineering Practices Often Do Not Produce Secure Software. Workshop on Cyber Infrastructure - Emergence Preparedness Aspects (Ottawa, Ontario, Canada, Apr. 2005).
2. Alhazmi, O.H., Malaiya, Y.K., and Ray, I. 2007. Measuring, analyzing and predicting security vulnerabilities in software systems. Computers and Security Journal 26, 3 (May 2007), 219-228.
3. Littlewood, B., Brocklehurst, S., Fenton, N., Mellor, P., Page, S., and Wright, D. 1993. Towards operational measures of computer security. Journal of Computer Security 2, 3 (1993), 211-230.
4. Alves-Foss, J. and Barbosa, S. 1995. Assessing computer security vulnerability. SIGOPS Oper. Syst. Rev. 29, 3 (Jul. 1995), 3-13.
5. McGraw, G. 2006. Software Security: Building Security In. HHAddison-WesleyHH.
6. Manadhata, P. K. and Wing, J. M. 2005. An Attack Surface Metric. Technical Report. School of Computer Science, Carnegie Mellon University (CMU). CMU-CS-05-155.
7. Voas, J., Ghosh, A., McGraw, G., Charron, F., and Miller, K. 1996. Defining an Adaptive Software: Security Metric from a Dynamic Software Failure Tolerance Measure. In Proceedings of the Annual Conference on Computer Assurance (Gaithersburg, MD, USA, June 1996). 250-263.
8. Aggarwal, K.K., Singh, Y., Kaur, A., and Malhotra, R. 2006. Software Design Metrics for Object-Oriented Software. Journal of Object Technology 6, 1 (Jan. 2006), 121-138.
9. Pfleeger, C. and Pfleeger, S. 2003. Security in Computing. Prentice-Hall Inc.
10. Chidamber, S. R. and Kemerer, C. F. 1994. A Metrics Suite for Object Oriented Design. IEEE Trans. Softw. Eng. 20, 6 (Jun. 1994), 476-493.
11. Khaer, M. A., Hashem, M. M. A., and Masud, M. R. 2007. An Empirical Analysis of Software Systems for Measurement of Design Quality Level Based on Design Patterns. In Proceedings of the 10th International Conference on Computer and Information Technology. (Dhaka, Bangladesh, Dec. 2007), In Press.
12. Carnegie Mellon University's Computer Emergency Response Team (CERT) Advisories, http://www.cert.org/advisories.
13. Microsoft Security Bulletins, http://www.microsoft.com/technet/security/ current.asp
14. MITRE Common Vulnerabilities and Exposures (CVE), http://www.cve.mitre. org.
15. Howard, M. 2003. Fending Off Future Attacks by Reducing Attack Surface, Technical Report, HHhttp://msdn.microsoft.com/library/default.asp?url=/librar y/en-us/dncode/html/secure02132003.aspHH.