A Vulnerability Metric for the Design Phase of Object Oriented Software

  • Conference paper
Contemporary Computing (IC3 2010)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 94)

Abstract

Unlike quality, quantitative estimation of security at the design phase of object oriented software is largely missing. This work examines coupling as one of the object oriented design characteristics responsible for the propagation of vulnerabilities through a software design. A metric is proposed to determine whether the design of one version of a software system is more vulnerable than another with respect to the propagation of vulnerability. Unlike counting bugs at the code level or counting vulnerability reports at the system level, the proposed metric measures the overall propagation of vulnerabilities in an object oriented design.



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Agrawal, A., Khan, R.A. (2010). A Vulnerability Metric for the Design Phase of Object Oriented Software. In: Ranka, S., et al. Contemporary Computing. IC3 2010. Communications in Computer and Information Science, vol 94. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14834-7_31

  • DOI: https://doi.org/10.1007/978-3-642-14834-7_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14833-0

  • Online ISBN: 978-3-642-14834-7

  • eBook Packages: Computer Science (R0)
