Risk-Based Measurement and Analysis: Application to Software Security

Alberts, Christopher; Allen, Julia; Stoddard, Robert

doi:10.21236/ada611106

Cited by 12 publications

(13 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…"Adequately met" includes (1) It is difficult to measure something that is poorly defined. We propose a definition of security sufficiency that represents our interest from the decision making perspective.…”

Section: Defining Security Sufficiencymentioning

confidence: 99%

See 1 more Smart Citation

A Decision-Theoretic Approach to Measuring Security

Port

Wilf

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

Section: Defining Security Sufficiencymentioning

confidence: 99%

“…What is surprising here is how large this range is indicating that we don't have to estimate p with great accuracy to determine the best decision to make. [1,1]. It may seem surprising that smaller credibility intervals up to about [.7,1] have increasing VaR.…”

Section: Using Decision Risk To Measure Security Sufficiencymentioning

confidence: 99%

A Decision-Theoretic Approach to Measuring Security

Port

Wilf

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

“…However, efforts to measure and improve software security remain under investigation (Alberts et al, 2012;Colombo et al, 2012;Karen et al, 2006;Lai, 2012;Steward et al, 2012). To address the research problem and the gaps identified in existing literature, the following issues are investigated:…”

Section: Software Securitymentioning

confidence: 99%

Dependability Attributes for Increased Security in Component-Based Software Development

Kahtan

Bakar²,

Nordin³

2014

Journal of Computer Science

View full text Add to dashboard Cite

Existing software applications become increasingly distributed as their continuity and lifetimes are lengthened; consequently, the users' dependence on these applications is increased. The security of these applications has become a primary concern in their design, construction and evolution. Thus, these applications give rise to major concerns on the capability of the current development approach to develop secure systems. Component-Based Software Development (CBSD) is a software engineering approach. CBSD has been successfully applied in many domains. However, the CBSD capability to develop secure software applications is lacking to date. This study is an extension of the previous study on the challenges of the security features in CBSD models. Therefore, this study proposes a solution to the lack of security in CBSD models by highlighting the attributes that must be embedded into the CBSD process. A thorough analysis of existing studies is conducted to investigate the related software security attributes. The outcome analysis is beneficial for industries, such as software development companies, as well as for academic institutions. The analysis also serves as a baseline reference for companies that develop component-based software.

show abstract

“…Security techniques should be adaptable. There are some models that provide the needed support across the life cycle to measure software security [19].…”

Section: Mentioned Sipponen Et Al 2005mentioning

confidence: 99%

A Review on Software Development Security Engineering using Dynamic System Method (DSDM)

Sani¹,

Firdaus²,

Jeong³

et al. 2013

IJCA

View full text Add to dashboard Cite

Agile methodology such as Scrum, Extreme Programming (XP), Feature Driven Development (FDD) and the Dynamic System Development Method (DSDM) have gained enough recognition as efficient development process by delivering software fast even under the time constrains. However, like other agile methods DSDM has been criticized because of unavailability of security element in its four phases. In order to have a deeper look into the matter and discover more about the reality, we conducted a literature review. Our findings highlight that, in its current form, the DSDM does not support developing secure software. Although, there are a few researches on this topic about Scrum, XP and FDD but, based on our findings, there is no research on developing secure software using DSDM. Thus, in our future work we intend to propose enhanced DSDM that will cater the security aspects in software development. Keywords AgileDevelopment; Software Security; Software Engineering; Dynamic System Development Method; DSDM INTRODUCTIONThe DSDM software development approach that provides a framework for building and maintaining systems, meets tight time schedule through the use of incremental and iterative prototyping in a controlled project environment [1]. On the other hand, According to the computer Emergency Response Team (CERT) statistics [3].There had been a considerable increase in security related software vulnerabilities reported over the last few years. However, like other agile methods, the existing DSDM does not provide any phase or sub-phase to address security issue in software development. In general, one of the most important reasons why the agile methods ignore security issue of software may come from the misconception that security delays development process [2].Despite this misconception, security remains one of the most important non-functional requirements of a software system. Though, recently, a few efforts have made in order to address the security in software development, such efforts using agile models like Scrum, XP. Some of such efforts have been published However, based on the literature review, we found that there is a small amount of research conducted on developing secure software using DSDM. In order to have a deeper look into the fact, this paper presents the concepts of DSDM, its principles, techniques, practices, general security principles, limitations of DSDM in terms of addressing security, and the analysis of literature review. Thus, it is appropriate to commence with the concept of DSDM. DSDM AND PRINCIPLESThe basic concept of DSDM is that the time and resource are adjusted, so that the agility feature of DSDM is satisfied. Basically, DSDM has four main phases (Figure 1). The four main phases are feasibility, functional model iteration, design and build iteration and implementation. Then each phase has several sub-phases as mentioned below.

show abstract

Risk-Based Measurement and Analysis: Application to Software Security

Abstract: This material has been approved for public release and unlimited distribution except as restricted below.

Cited by 12 publications

References 1 publication

A Decision-Theoretic Approach to Measuring Security

A Decision-Theoretic Approach to Measuring Security

Dependability Attributes for Increased Security in Component-Based Software Development

A Review on Software Development Security Engineering using Dynamic System Method (DSDM)

Contact Info

Product

Resources

About