Measuring Software Security using MACOQR (Misuse and Abuse Case Oriented Quality Requirement) Metrics: Defensive Perspective

Authors

  • C. Banerjee
  • Arpita Banerjee
  • P. D. Murarka
  • Bart De Win
  • S. K. Pandey
  • Joshua Pauli
  • Dianxiang Xu
Abstract

In the present age, software is exploited, and an understanding of the increasing extent of the resulting risk exposure is rarely developed. Security should be incorporated right from the requirements phase so that it is built in and properly incorporated into the software under development. Establishing whether a process is improving or not seems impossible without obtaining measurements. Security requirements can be defined and developed using a number of techniques such as fault tree analysis, failure mode and effect analysis, threat modeling, misuse/abuse cases, attack trees, etc. The requirements obtained are qualitative; hence they need to be converted into quantitative measures using some metrics. Security metrics are defined as quantifiable measures that show how much security a product or process possesses; they are normally built from low-level physical measures, and at a high level they can be considered quantifiable measurements of some aspect of the system. Certain object-oriented modeling techniques such as misuse cases, use cases and abuse cases are very helpful in incorporating security requirements in the early stages of software development, i.e. the requirements phase. In this paper, MACOQR metrics from a defensive perspective are proposed, whose aim is to measure the predicted and observed ratio of flaw and flawlessness


Similar resources

Misuse Cases and Abuse Cases in Eliciting Security Requirements

Misuse cases, the inverted version of a use case can be used to elicit security requirements. Abuse cases also are used in eliciting security requirements. Their notation appears to be similar. This paper presents a brief comparison between misuse cases and abuse cases. It is observed that misuse cases are able to model a wider range of mis-users and they also interact with use cases in interes...


Misuse and Abuse Cases: Getting Past the Positive

trend, most systems for designing software also tend to describe positive features. Savvy software practitioners are beginning to think beyond features, touching on emergent properties of software systems such as reliability, security, and performance. This is mostly because experienced customers are beginning to demand secure and reliable software; but in many situations, it's still up to the...


Software Quality by Misuse Analysis

Case study in section 6 was removed because it is confidential. Abstract: The research project SIKOSA is funded by the Ministry for Science, Research and Art of Baden-Württemberg, Germany (Ministerium für...


Security Requirements Analysis of ADS-B Networks

Due to their many advantages over their hardware-based counterparts, Software Defined Radios are becoming the new paradigm for radio and radar applications. In particular, Automatic Dependent Surveillance-Broadcast (ADS-B) is an emerging software defined radar technology, which has been already deployed in Europe and Australia. Deployment in the US is underway as part of the Next Generation Tran...


Building Security In

usability, and, of course, security. An earlier contribution to this department stressed the importance of going beyond functional requirements. The authors introduced misuse or abuse cases as counterparts to use cases and explained that although use cases capture functional requirements, abuse cases describe how users can misuse a system with malicious intent, thereby identifying additional se...


Publication date: 2014