Abstract
Unlike quality, quantitative estimation of security at the design phase of object oriented software is largely missing. This work examines coupling as one of the object oriented design characteristics responsible for the propagation of vulnerabilities through a software design. A metric is proposed to determine whether the design of one version of a software system is more vulnerable than another with respect to the propagation of vulnerability. Unlike counting bugs at the code level or counting vulnerability reports at the system level, the proposed metric measures the overall propagation of vulnerabilities in an object oriented design.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
Agrawal, A., Khan, R.A. (2010). A Vulnerability Metric for the Design Phase of Object Oriented Software. In: Ranka, S., et al. Contemporary Computing. IC3 2010. Communications in Computer and Information Science, vol 94. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14834-7_31
DOI: https://doi.org/10.1007/978-3-642-14834-7_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14833-0
Online ISBN: 978-3-642-14834-7
eBook Packages: Computer Science (R0)