An Analyzer-based Security Measurement Model for Increasing Software Security
نویسنده
چکیده
Software security has become an increasingly important issue for information and software system. Secure vulnerabilities of software system may cause a company out of business and even destroy the social normal operation. How to improve software security becomes a critical issue in software development process. In this paper, utilizing the static program analyzer and dynamic simulation analyzer to collect metrics, proposes an Analyzer-based Software Security Measurement (ASSM) model. Applying ASSM model, the secure flaws of software system can be identified clearly. And, using a Rule-based Software Security Improvement (RSSI) operation to control and improve security defects and security vulnerability of software system. The security risk of software system can be reduced efficiently.
منابع مشابه
Mapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
متن کاملQuantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
متن کاملFormal approach on modeling and predicting of software system security: Stochastic petri net
To evaluate and predict component-based software security, a two-dimensional model of software security is proposed by Stochastic Petri Net in this paper. In this approach, the software security is modeled by graphical presentation ability of Petri nets, and the quantitative prediction is provided by the evaluation capability of Stochastic Petri Net and the computing power of Markov chain. Each...
متن کاملThe Presentation of an Ideal Safe SMS based model in mobile Electronic commerce using Encryption hybrid algorithms AES and ECC
Mobile commerce is whatever electronic transfer or transaction via a mobile modem through a mobile net in which the true value or advance payment is done for goods, services or information. A mobile payment system should be beneficial for all related persons. For a payment system to be a Successful system, End-user, seller, exporter and operators should see a additional value in it. End-user ...
متن کاملA combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
متن کامل