Relating Software Coupling Attribute and Security Vulnerability Attribute
نویسندگان
چکیده
Both internal software properties, such as cohesion and coupling, and external software properties, such as performance or security, have been extensively studied [2,11,13]. In this paper we pose a metric for an external property, security vulnerability, using aspects from coupling, which is an internal property. We introduce two metrics, Average Vulnerability (AV) and Degree of Vulnerability (DV), to gauge the extent of security vulnerability. Then these metrics are applied to the top ten security vulnerable components in Mozilla as described by Neuhaus et al [7]. High associations are found between these metrics and the top ten vulnerable components. This result provides a direction that future design review and testing should focus on coupling properties when security is specified as an important factor in the requirements specification.
منابع مشابه
A combination of semantic and attribute-based access control model for virtual organizations
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex ...
متن کاملAttribute-based Access Control for Cloud-based Electronic Health Record (EHR) Systems
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records...
متن کاملDoS-Resistant Attribute-Based Encryption in Mobile Cloud Computing with Revocation
Security and privacy are very important challenges for outsourced private data over cloud storages. By taking Attribute-Based Encryption (ABE) for Access Control (AC) purpose we use fine-grained AC over cloud storage. In this paper, we extend previous Ciphertext Policy ABE (CP-ABE) schemes especially for mobile and resource-constrained devices in a cloud computing environment in two aspects, a ...
متن کاملAn Algorithm to Measure Attribute Vulnerability Ratio of an Object Oriented Design
In order to minimize vulnerabilities and achieve target level security, quantification of security is necessary. Unfortunately, quantitative estimation of security in design phase is largely missing. Given the need and significance of such a mechanism, an effort has been made by the authors of the paper to deduce a methodology to find out the impact of Inheritance on vulnerability propagation i...
متن کاملAn Analytical Security Model for Existing Software Systems
Nowadays, evaluation of software security, as one of the important quality attributes, is of paramount importance. There are many software systems have not considered security in their design; this makes them vulnerable to security risks. Architecture is the most important consideration in software design that affects final quality of software. Quality attributes such as efficiency and reliabil...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2010