An Analytical Security Model for Existing Software Systems

Download
2014-03-01
Isazadeh, Ayaz
Elgedawy, Islam
Karimpour, Jaber
Izadkhah, Habib
Nowadays, evaluation of software security, as one of the important quality attributes, is of paramount importance. There are many software systems have not considered security in their design; this makes them vulnerable to security risks. Architecture is the most important consideration in software design that affects final quality of software. Quality attributes such as efficiency and reliability have been studied at software architecture level; however, no report has ever been provided about the effect of software architecture on security. The purpose of this paper is to propose a mathematical-based method for evaluating and quantifying software security using the coupling aspects of the software architecture. To achieve this goal, first, we show the relationship between coupling types and vulnerability using an empirical-based software engineering technique that adopts Mozilla Firefox Browser vulnerability data. Then, we propose a mathematical weighted relationship between coupling types and vulnerability, where regression statistical analysis and Mozilla Firefox vulnerability data are used to predicate the relationship coefficients. Finally, we extract software architecture using DAGC tool and then convert the extracted architecture into Discrete Time Markov chains, which are used to predict and compute the system over all vulnerability.
APPLIED MATHEMATICS & INFORMATION SCIENCES

Suggestions

A process modeling based method for identification and implementation of software development tool integration-tuples
Ertürkmen, K. Alpay; Demirörs, Onur; Department of Information Systems (2010)
Software development is highly dependent on the use of tools. These tools support and automate activities performed in different sub-domains of software development. However, they don‘t adequately provide or support integration facilities, and act as ―islands of automation‖. This restricts their benefits to only specific parts of the process. To reap the benefits of integration, this thesis provides a process modeling based method named PLETIN to identify and implement software development tool integration-...
An Ontology based approach to requirements reuse problem in software product lines
Karataş, Elif Kamer; Birtürk, Ayşenur; Department of Computer Engineering (2012)
With new paradigms in software engineering such as Software Product Lines, scope of reuse is enlarged from implementation upto design, requirements, test-cases, etc. In this thesis an ontology-based approach is proposed as a solution to systematic requirement reuse problem in software product lines, and the approach is supported with a reuse automation tool. A case study is performed on the projects of an industrial software product line using hereby proposed solution and then based on the evaluated metrics...
A metrics-based approach to the testing process and testability of object-oriented software systems
Yurga, Tolga; Doğru, Ali Hikmet; Department of Information Systems (2009)
This dissertation investigates the factors that affect testability and testing cost of object- oriented software systems. Developing a software program which eases the testing process by increasing testability is crucial. Also, to assess whether or not the testing effort and cost consumed or planned is adequate or not is another critical matter this dissertation aims to answer by composing a new way to evaluate the links between software design parameters and testing effort via source-based metrics. An auto...
A method for product defectiveness prediction by using process enactment data in a small software organization
Sivrioğlu, Damla; Demirörs, Onur; Tarhan, Ayça; Department of Information Systems (2012)
As a part of the quality management, product defectiveness prediction is vital for small software organizations as for instutional ones. Although for defect prediction there have been conducted a lot of studies, process enactment data cannot be used because of the difficulty of collection. Additionally, there is no proposed approach known in general for the analysis of process enactment data in software engineering. In this study, we developed a method to show the applicability of process enactment data for...
A framework for qualitative assessment of domain-specific languages
Kahraman, Gokhan; Bilgen, Semih (Springer Science and Business Media LLC, 2015-10-01)
Domain-specific languages (DSLs) are used for improving many facets of software development, but whether and to what extent this aim is achieved is an important issue that must be addressed. This paper presents a proposal for a Framework for Qualitative Assessment of DSLs (FQAD). FQAD is used for determining the perspective of the evaluator, understanding the goal of the assessment and selecting fundamental DSL quality characteristics to guide the evaluator in the process. This framework adapts and integrat...
Citation Formats
A. Isazadeh, I. Elgedawy, J. Karimpour, and H. Izadkhah, “An Analytical Security Model for Existing Software Systems,” APPLIED MATHEMATICS & INFORMATION SCIENCES, pp. 691–702, 2014, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/67692.