Using complexity metrics to improve software security

Authors: Sara Moshtari, Ashkan Sami, Mahdi Azimi

DOI: 10.1016/S1361-3723(13)70045-9

Keywords:

Abstract: Information technology is quickly spreading across critical infrastructures and software has become an inevitable part of industries and organisations. At the same time, many cyberthreats are the result of poor coding. Stuxnet, which was the most powerful cyber-weapon used against industrial control systems, exploited zero-day vulnerabilities in Microsoft Windows. 1 The US Department of Homeland Security (DHS) also announced that among three common cyber-security Industrial Control Systems (ICSs). 2 Therefore, improving security important role increasing level computer-based systems. Software vulnerability prediction is a tedious task, so automating it would save a lot of time and resources. One recently methodology based on automatic fault using metrics. Here, Sara Moshtari, Ashkan Sami and Mahdi Azimi of Shiraz University, Iran build on previous studies by providing more complete information. They show what can be achieved with different classification techniques

References (15)
Eugene H. Spafford, Ivan Victor Krsul, Software vulnerability analysis. Purdue University (1998)
T.J. McCabe, A Complexity Measure. IEEE Transactions on Software Engineering, vol. SE-2, pp. 308-320 (1976), 10.1109/TSE.1976.233837
Yonghee Shin, Laurie Williams, An initial study on the use of execution complexity metrics as indicators of software vulnerabilities. Proceeding of the 7th international workshop on Software engineering for secure systems - SESS '11, pp. 1-7 (2011), 10.1145/1988630.1988632
Yonghee Shin, Laurie Williams, Can traditional fault prediction models be used for vulnerability prediction? Empirical Software Engineering, vol. 18, pp. 25-59 (2013), 10.1007/S10664-011-9190-8
Istehad Chowdhury, Mohammad Zulkernine, Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities. Journal of Systems Architecture, vol. 57, pp. 294-313 (2011), 10.1016/J.SYSARC.2010.06.003
Lionel C. Briand, Jürgen Wüst, John W. Daly, D. Victor Porter, Exploring the relationship between design measures and software quality in object-oriented systems. Journal of Systems and Software, vol. 51, pp. 245-273 (2000), 10.1016/S0164-1212(99)00102-8
Viet Hung Nguyen, Le Minh Sang Tran, Predicting vulnerable software components with dependency graphs. international workshop on security, pp. 3- (2010), 10.1145/1853919.1853923
Yonghee Shin, Andrew Meneely, Laurie Williams, Jason A. Osborne, Evaluating Complexity, Code Churn, and Developer Activity Metrics as Indicators of Software Vulnerabilities. IEEE Transactions on Software Engineering, vol. 37, pp. 772-787 (2011), 10.1109/TSE.2010.81
Michael Gegick, Laurie Williams, Jason Osborne, Mladen Vouk, Prioritizing software security fortification through code-level metrics. Proceedings of the 4th ACM workshop on Quality of protection - QoP '08, pp. 31-38 (2008), 10.1145/1456362.1456370
Yonghee Shin, Laurie Williams, Is complexity really the enemy of software security? Proceedings of the 4th ACM workshop on Quality of protection - QoP '08, pp. 47-50 (2008), 10.1145/1456362.1456372