Properties for security measures of software products

Applied Mathematics and Information Sciences

Volumn 1, Issue 2, 2007, Pages 129-156

  Liu, Yanguo Michael ^a   Traoré, Issa ^a  

^a UNIVERSITY OF VICTORIA   (Canada)

Author keywords

Quality attributes; Quality engineering; Requirements engineering; Security metrics; Software metrics; Software security

Indexed keywords

EID: 79957863416     PISSN: 19350090     EISSN: 23250399     Source Type: Journal    
DOI: None     Document Type: Article

References (23)

1. L. C. Briand, S. Morasca, V. R. Basili, Property-based software engineering measurement, IEEE TSE, 22(1996), 68-86.
2. M. Dacier, Y. Deswarte, Privilege graph: an extension to the typed access matrix model, Lecture Notes in Computer Science, 875(1994), 319-334.
3. J. H. P. Eloff, Selection process for security packages, Computers & Security, 2(1983), 159-167.
4. N. Fenton, Software Metrics: A rigorous Approach, Chapman & Hall, 1991.
5. N. Fenton, Software measurement: a necessary scientific basis, IEEE TSE, 20(1994), 199-206.
6. M. Howard, J. Pincus, J. M. Wing, Measuring relative attack surfaces, Proceeding of Workshop on Advanced Developments in Software and System Security, (2003), 109-137.
7. D. Frank, Agencies Seek Security Measures, CIO Magazine: http://www.cio.com, 2000.
8. B. Kitchenham, S. L. Pfleeger, N. Fenton, Towards a framework for software measurement validation, IEEE TSE, 21(1995), 929-943.
9. B. Kitchenham, S. L. Pfleege, N. Fenton, Reply to: Comments on towards a framework for software measurement validation, IEEE TSE, 23(1997), 187-189.
10. P. Manadhata, J. M. Wing, Measuring a System's Attack Surface, CMU-CS-04-102 Technical Report, 2004.
11. A. C. Melton, D. A. Gustafson, J. M. Bieman, A. L. Baker, A mathematical perspective for software measures research, Software Eng. J., 5(1990), 246-254.
12. J. K. Millen. Survivability Measure, Research Report, Computer Science Laboratory (CSL), SRI, CA, USA.
13. S. Morasca, L. C. Briand, Towards a theoretical framework for measuring software attributes, Fourth International Software Metrics Symposium (METRICS'97), (1997), 68-86.
14. S. Morasca, L. C. Briand, V. R. Basili, E. J. Weyuker, M. V. Zelkowitz, Comments on towards a framework for software measurement validation, IEEE TSE, 23(1997), 187-188.
15. D. M. Nicol, W. H. Sanders, K. S. Trivedi, Model-based evaluation: from dependability to security, IEEE TDSC, 1(2004), 48-65.
16. J. Saltzer, M. Schroeder, The protection of information in computer systems, Proc. of the IEEE, 63(1975), 1278-1308.
17. R. S. Sandhu, The typed access matrix model, Proc 1992 IEEE Symposium on research in Security and Privacy, May 4-6, (1992), 122-136.
18. T. A. Smith, User definable domains as a mechanism for implementing the least privilege principle, Proceedings of 9th National Computer Security Conference, (1986), 143-148.
19. L. Smith, Cryptographic algorithm metrics, NIST and CSSPAB Workshop, (2000), 13-14.
20. J. Tian, M. V. Zelkowitz, A formal program complexity model and its applications, J. Syst. Soft., 17(1992), 253-266.
21. R. B. Vaughn, Are Measures and Metrics for Trusted Information Systems Possible?, Workshop on Information Security System Scoring and Ranking, Williamsburg, VA, USA, 2001.
22. C. Wang, W. A. Wulf, Towards a framework of security measuremen, 20th NISSC Proceedings, Baltimore, Maryland, (1997), 522-533.
23. E. J. Weyuker, Evaluating software complexity measures, IEEE TSE, 14(1988), 1357-1365.