Security Estimation Framework: Design Phase Perspective

Authors: Shalini Chandra, Raees Ahmad Khan, Alka Agrawal

DOI: 10.1109/ITNG.2009.157

Keywords:

Abstract: Generally, security analysis process is carried out through subjective evaluations. Early methods of attribute emphasizes on codes, models and policies. An exhaustive review software estimation revealed the fact that there no standard methodology available to assess quantitatively. In absence any guideline, it worthwhile developing a prescriptive framework in order quantify security. This paper proposes estimate early stage development life cycle. A phase wise sequential approach presented helps professionals mitigate vulnerability design phase.
