Properties for Security Measures of Software Products

A large number of attacks on computing systems succeed because of the existence of software flaws (e.g. buffer overflow, race conditions etc.) that could be fixed through a careful design process. An effective way of improving the quality of software products consists of using metrics to guide the development process. The field of software security metrics however is still in infancy in contrast with the area of traditional software metrics such as reliability metrics for which several key results have been obtained so far. We identify in this paper a number of internal software attributes that could be related to a variety of security qualities. Since theoretical validation is an important step in the development of any metrics program, we focus in this paper on studying the measurement properties associated with these internal attributes. The properties, based on popular security design principles in use in security engineering processes, can be used to guide the search of software security metrics. We study the feasibility of our theoretical framework by presenting case studies based on metrics derived from existing security measurement frameworks, namely the attack surface metrics system and the privilege graph paradigm.