Software security metric identification framework (SSM)

Proceedings of the International Conference on Advances in Computing, Communication and Control, ICAC3'09

Volumn , Issue , 2009, Pages 725-731

  Chandra, S ^a   Khan, R A ^a  

^a BABASAHEB BHIMRAO AMBEDKAR UNIVERSITY   (India)

Author keywords

Security metric; Security quantification; Software security

Indexed keywords

DESIGN KNOWLEDGE; DESIGN SECURITY; INDUSTRY PROFESSIONALS; OBJECT ORIENTED METRICS; OBJECT ORIENTED SOFTWARE; QUANTIFIABLE MEASURES; SECURITY IMPROVEMENT; SECURITY METRIC; SECURITY METRICES; SECURITY METRICS; SECURITY MODEL; SECURITY QUANTIFICATION; SOFTWARE SECURITY;

COMPUTER SCIENCE; COMPUTER SOFTWARE; OBJECT ORIENTED PROGRAMMING; SOFTWARE DESIGN; STANDARDIZATION;

METRIC SYSTEM;

EID: 70349092552     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1523103.1523250     Document Type: Conference Paper

References (33)

1. th International Conference on Computer and Information Technology (United International University Dhaka, Bangladesh, 27-29 December 2007). ICCIT 2007. IEEE 2007. 1-6. DOI=10.1109/ICCITECHN.2007. 4579432
2. Allen, E.B. and Khoshgoftaar, T.M. 1999. Measuring Coupling and Cohesion: An Information-Theory Approach. In Proceedings of Sixth International Software Metrics Symposium. (Boca, Raton, FL, USA, 4-6 November 1999). IEEE. 119-127. DOI = 10.1109/METRIC.1999.809733
3. Z. Dwaikat and Presicce, F. P. 2005. Risky Trust: Risk-Based Analysis of Software Systems. In proceedings of the 2005 Workshop on Software Engineering For Secure Systems-Building Trustworthy Application, (St. Louis, Missouri, USA, 15-16 May 2005), SESS'05. ACM. 1-7. DOI = http://doi.acm.org/10.1145/1083200. 1083206.
4. Nichols, E.A. and Peterson, G. 2007. A Metrics Framework to Drive Application Security Improvement, IEEE Security & Privacy, 5, 2, (March-April 2007), IEEE, 88-91. DOI = 10.1109/MSP.2007.26
5. Khan, R. A. and Mustafa, K. 2008. Secured Requirements Specification Framework. American Journal of Applied Sciences. 5, 12, 1622-1629.
6. Chandra, S. and Khan, R.A. 2008. Software Security Estimation in Early Stage of Development Life Cycle. In Proceedings of National Conference on Emerging Technologies. (Lucknow, India, 29-30 March 2008), NCET 08. 1-3.
7. Chandra, S., and Khan, R.A. 2008. Object-Oriented Software Security Estimation Life Cycle - Design Phase Perspective, Journal of Software Engineering, 2, 1 (2008), 39-46.
8. Khan, R. A. 2004. Quality Estimation of Object-Oriented Code: A Design Phase Perspective. Doctoral Thesis. Jamia Melia Islamia University. Delhi.
9. f): A Prescriptive Framework", International Arab Journal of Information Technology (IAJIT), 2008, (accepted 11th September).
10. Cheng, X., He, N., Hsiao, M.S. 2008. A New Security Sensitivity Measurement for Software Variables. In proceedings of IEEE Conference on Technologies on Homeland Security. (Waltham, MA 12-13 May 2008), IEEE, 593-598. DOI=10.1109/THS.2008.4534520
11. Mandhata, P., Wing, J. M. 2005. An Attack Surface Metric. Technical Report, CMU-CS-05-155, Carnegie Mellon University. Pittusburg.
12. Savola, R. 2007. Towards a Security Metrics Taxonomy for the Information and Communication Technology, In Proceedings of International Conference on Software Engineering Advances, (Cap Esteral, French Riviera, France, 25-31 August 2007), ICSEA 2007, IEEE, 60-60. DOI=10.1109/ICSEA.2007.79
13. nd ACM Workshop on Quality of Protection (Alexandria BA. USA, OCT 2006). ACM. 27-30. DOI = http://doi.acm.org/10.1145/1179494.1179500
14. Howard, M., Pincus, J. and Wing, J. M. 2003. Measuring Relative Attack Surfaces, In Proceedings of Workshop on Advanced, Developments in Software and System Security, 2003. Available as: CMU-TR-03-169, August 2003. Carnegie Mellon University. Pittusburg.
15. Nichols, E.A. and Peterson, G. 2007. A Metrics Framework to Drive Application Security Improvement, IEEE Security & Privacy, 5(2) March-April 2007, 88-91. DOI=10.1109/MSP.2007.26
16. Zade, J. and DeVolder, D. 2007. Software Development and Related Security Issues, In Proceedings of IEEE Southeastcon 2007, (Richmond Marriott, 500 East Broad Street, Richmond, USA, 22-25 March 2007), IEEE, 746-748. DOI = 10.1109/SECON.2007.343000
17. Ardi, S., and Byers, D., Meland, P., Tondel, I. A., Shahmehri, N. 2007. How Can Developer Benefit From Security Modeling? In proceedings of Second International Conference on Availability, Reliability, and Security, (Vienna University of Technology, Austria, 10-13 April 2007), ARES 2007, IEEE, 1017-1025. DOI=10.1109/ARES.2007.96
18. Byers, D., and Shahmehri, N. 2007. Design of a Process for Software Security. In proceedings of Second International Conference on Availability, Reliability, and Security (Vienna, Austria, 10-13 April 2007), ARES 2007, IEEE, 301-309. DOI=10.1109/ARES.2007.67
19. Chandra, S., and Khan, R.A. 2008. Software Security Estimation Framework, 6th International Conference on Information Technology: New Generations, ITNG 2009 (Las Vegas, Nevada, USA, 27-29 April 2009) (communicated).
20. Vaughn, R. B. 2001. Are Measures and Metrics for Trusted Information Systems Possible? In Proceedings of Sixth IEEE International Symposium on High Assurance Systems Engineering. (Boca Raton, Florida, 22-24 October, 2001). DOI=10.1109/HASE.2001.966802.
21. Qu, W. and Zhang, D. 2007. Security Metrics Models and Application with SVM in Information Security Management, In Proceedings of the Sixth International Conference on Machine Learning and Cybernetics (Hong Kong, 19-22 August 2007), IEEE, 3234-3238. DOI=10.1109/ICMLC.2007.4370705
22. Naqvi, S. and Riguide, M. 2008. Quantifiable Security Metrics for Large Scale Heterogeneous Systems, In Proceedings of IEEE Carnahan Conferences Security Technology, (Lexington, Kentucky, 16-20 October 2006), IEEE, 209-215. DOI=10.1109/CCST.2006.313452
23. Eichberg, M., Germanus, D., Mezini, M., Mrokon, L., and Schafer, T. 2006. QScope: an Open, Extensible Framework for Measuring Software Projects, In Proceedings of the Conference on Software Maintenance and Reengineering, (Bari, Italy, 22-24 March 2006), CSMR'06. IEEE, 113-122. DOI=10.1109/CSMR.2006.42
24. Payne, S.C. 2007. A guide to security metrics, SANS institute 2007. Available at:
25. McCurley, J., Zubrow, D. and Dekkers, C. 2007. Measures and Measurement for Secure Software Development, Build Security In, 2007. Available at: https://buildsecurityin.uscert.gov/daisy/bsi/articles/best-practices/ measurement/227.html.
26. Moreira, A., Araújo, J. and Brito, I. 2002. Crosscutting Quality Attributes for Requirements Engineering, In Proceedings of Software Engineering and Knowledge Engineering Conference, (Ischia, Italy, 15-19 July 2002), SEKE 2002, ACM, 27, 167-174. DOI=http://doi.acm.org/10.1145/568760.568790
27. Alhazmi, O. H. and Malaiya, Y. K. 2005. Quantitative Vulnerability Assessment of Systems Software. In Proceedings of Reliability and Maintainability Symposium, 2005. (Newyork, 24-27 January 2005), IEEE, 615-620. DOI=10.1109/RAMS.2005.1408432
28. Goertzel, K. M., Winograd, T., McKinley, H. L., Oh, L., Colon, M., McGibbon, T., Fedchak, E. and Vienneau, R. 2007. Software Security Assurance, State-of-the-Art Report (SOAR), Information Assurance Technology Analysis Centre (IATAC) and Data and Analysis Center for Software, (31 July 2007Card, D. N. 1998. Learning from Our Mistakes with Defect Causal analysis, IEEE Software, 15, 1, (January-February 1998), 56-63. DOI=10.1109/52.646883
29. Agrawal, A., Chandra, S., and Khan, R.A. 2009. An Efficient Measurement of Object-Oriented Design Vulnerability, In Proceedings of International Conference on availability, Reliability and Security, (Fukuoka, Japan, 16-19 March 2008), ARES 2009, (accepted).
30. Hadavi, M. A., Sangehi, H. M., Hamishagi, V. S. and Shirazi, H. 2008. Software Security; A Vulnerability - Activity Revisit. In Proceedings of International Conference on availability, Reliability and Security, (University of California, Barcelona, Spain, 4-7 March 2008), ARES 2008, IEEE, 866-872. DOI=10.1109/ARES.2008.200
31. Savola, R. and Holappa, J. 2005. Self-Measurement of the Information Security Level in a Monitoring System Based on Mobile Ad Hoc Networks. In Proceedings of IEEE International Workshop on Measurement Systems for Homeland Security, Contraband Detection and Personal Safety (Orlando, FL, USA, 29-30 March 2005). IMS 2005. 42-49. DOI=10.1109/MSHS.2005.1502553
32. Chandra. S. and Khan, R. A. 2008. Security Estimation Method: A Quantification Approach. In Proceedings of International Conference on Computing. (Kerela, 23-25 September 2008). IEEE sponsored. 316-319.
33. Talbi, T.; Meyer, B.; Stapf, E. 2001. A Metric Framework to for Object-oriented development. In Proceedings of International Conference and Exhibition on Technology of Object-Oriented Languages and Systems, (Santa Barbara, CA, USA, July 29 - August 3 2001), IEEE. 164-172. DOI=10.1109/TOOLS. 2001.9