Security metrics for object-oriented class designs

Proceedings - International Conference on Quality Software

Volumn , Issue , 2009, Pages 11-20

  Alshammari, Bandar ^a   Fidgeand, Colin ^a   Corney, Diane ^a  

^a QUEENSLAND UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

Design principles; Metrics; Quality; Refactoring; Security

Indexed keywords

ALTERNATIVE DESIGNS; DESIGN ERRORS; DESIGN PRINCIPLES; INFORMATION FLOWS; MEASURE DATA; OBJECT ORIENTED; OBJECT-ORIENTED CLASS; OBJECT-ORIENTED DESIGN; PROGRAM STATEMENTS; QUALITY ATTRIBUTES; REFACTORINGS; SECURITY DESIGN; SECURITY METRICS; SECURITY STUDIES; SECURITY VULNERABILITIES;

COMPUTER SOFTWARE; DESIGN; MAINTAINABILITY; OBJECT ORIENTED PROGRAMMING;

SECURITY OF DATA;

EID: 77950612310     PISSN: 15506002     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/QSIC.2009.11     Document Type: Conference Paper

References (22)

1. A. Sachitano, R. O. Chapman, and J. A. Hamilton, "Security in software architecture: a case study," in Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004, pp. 370-376.
2. P. K. Manadhata, K. M. C. Tan, R. A. Maxion, and J. M. Wing, "An Approach to Measuring A System's Attack Surface," Carnegie Mellon University, Pittsburgh, PA August 2007.
3. I. Chowdhury, B. Chan, and M. Zulkernine, "Security metrics for source code structures," in Proceedings of the Fourth International Workshop on Software Engineering for Secure Systems Leipzig, Germany: ACM, 2008.
4. E. A. Schneider, "Security architecture-based system design," in Proceedings of the 1999 workshop on New Security Paradigms Caledon Hills, Ontario, Canada: ACM, 2000.
5. J. Bansiya and C. G. Davis, "A hierarchical model for object-oriented design quality assessment," IEEE Transactions on Software Engineering, vol.28, pp. 4-17, 2002.
6. J. Jürjens, Secure Systems Development with UML: Springer, 2005.
7. J. Barnes, High Integrity Software: The SPARK Approach to Safety and Security. London, Great Britain: Addison-Wesley, 2003.
8. G. McGraw, Software Security: Building Security In. Upper Saddle River, NJ: Addison-Wesley, 2006.
9. M. Howard and D. LeBlanc, Writing Secure Code. Redmond, Wash.: Microsoft Press, 2002.
10. D. Volpano, G. Smith, and C. Irvine, "A sound type system for secure flow analysis," Journal of Computer Security, vol.4, pp. 167-187, January 1996.
11. A. Sabelfeld and A. C. Myers, "Language-based information-flow security," IEEE Journal on Selected Areas in Communications, vol.21, pp. 5-19, 2003.
12. J. H. Saltzer and M. D. Schroeder, "The protection of information in operating systems," in Proceedings of the IEEE, 1975, pp. 1278-1308.
13. M. Bishop, Computer Security: Art and Science. Boston: Addison-Wesley, 2003.
14. J. Viega and G. McGraw, Building Secure Software: How To Avoid Security Problems The Right Way. Boston: Addison-Wesley, 2002.
15. K. Maruyama, "Secure refactoring: improving the security level of existing code," in Proceedings of the Second Internation Conference on Software and Data Technologies Barcelona, Spain, 2007.
16. J. Bansiya, "A Hierarchical Model for Quality Assessment of Object-Oriented Designs," Ph.D. Thesis, University of Alabama in Huntsville, 1997.
17. M. Howard, Attack Surface: Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users, http://msdn.microsoft.com/enus/magazine/ cc163882.aspx [Accessed: December 15, 2008]
18. C. T. Wu, A comprehensive introduction to object-oriented programming with Java, 1st ed. Boston, MA: McGraw Hill Higher Education, 2008.
19. K. Maruyama and K. Tokoda, "Security-Aware Refactoring Alerting its Impact on Code Vulnerabilities," in 15th Asia-Pacific Software Engineering Conference, 2008. APSEC '08. , 2008, pp. 445-452.
20. L. C. Briand, J. W. Daly, and J. Wust, "A unified framework for cohesion measurement in object-oriented systems," in Proceedings of the Fourth International Software Metrics Symposium., 1997, pp. 43-53.
21. M. Fowler, Refactoring: Improving The Design Of Existing Code. Reading, MA: Addison-Wesley, 1999.
22. B. Chess and J. West, Secure programming with static analysis. Upper Saddle River, NJ: Addison-Wesley, 2007.