An Analytical Security Model for Existing Software Systems

2014-03-01
Isazadeh, Ayaz
Elgedawy, Islam
Karimpour, Jaber
Izadkhah, Habib
Nowadays, evaluation of software security, as one of the important quality attributes, is of paramount importance. Many software systems have not considered security in their design, which makes them vulnerable to security risks. Architecture is the most important consideration in software design that affects the final quality of software. Quality attributes such as efficiency and reliability have been studied at the software architecture level; however, no report has ever been provided about the effect of software architecture on security. The purpose of this paper is to propose a mathematical-based method for evaluating and quantifying software security using the coupling aspects of the software architecture. To achieve this goal, first, we show the relationship between coupling types and vulnerability using an empirical-based software engineering technique that adopts Mozilla Firefox browser vulnerability data. Then, we propose a mathematical weighted relationship between coupling types and vulnerability, where regression statistical analysis and Mozilla Firefox vulnerability data are used to predict the relationship coefficients. Finally, we extract the software architecture using the DAGC tool and then convert the extracted architecture into discrete-time Markov chains, which are used to predict and compute the system's overall vulnerability.
APPLIED MATHEMATICS & INFORMATION SCIENCES

Citation Formats
A. Isazadeh, I. Elgedawy, J. Karimpour, and H. Izadkhah, “An Analytical Security Model for Existing Software Systems,” APPLIED MATHEMATICS & INFORMATION SCIENCES, pp. 691–702, 2014, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/67692.