Show/Hide Menu
Hide/Show Apps
Logout
Türkçe
Türkçe
Search
Search
Login
Login
OpenMETU
OpenMETU
About
About
Open Science Policy
Open Science Policy
Communities & Collections
Communities & Collections
Help
Help
Frequently Asked Questions
Frequently Asked Questions
Guides
Guides
Thesis submission
Thesis submission
MS without thesis term project submission
MS without thesis term project submission
Publication submission with DOI
Publication submission with DOI
Publication submission
Publication submission
Supporting Information
Supporting Information
General Information
General Information
Copyright, Embargo and License
Copyright, Embargo and License
Contact us
Contact us
An Analytical Security Model for Existing Software Systems
Download
index.pdf
Date
2014-03-01
Author
Isazadeh, Ayaz
Elgedawy, Islam
Karimpour, Jaber
Izadkhah, Habib
Metadata
Show full item record
This work is licensed under a
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License
.
Item Usage Stats
136
views
80
downloads
Cite This
Nowadays, evaluation of software security, as one of the important quality attributes, is of paramount importance. There are many software systems have not considered security in their design; this makes them vulnerable to security risks. Architecture is the most important consideration in software design that affects final quality of software. Quality attributes such as efficiency and reliability have been studied at software architecture level; however, no report has ever been provided about the effect of software architecture on security. The purpose of this paper is to propose a mathematical-based method for evaluating and quantifying software security using the coupling aspects of the software architecture. To achieve this goal, first, we show the relationship between coupling types and vulnerability using an empirical-based software engineering technique that adopts Mozilla Firefox Browser vulnerability data. Then, we propose a mathematical weighted relationship between coupling types and vulnerability, where regression statistical analysis and Mozilla Firefox vulnerability data are used to predicate the relationship coefficients. Finally, we extract software architecture using DAGC tool and then convert the extracted architecture into Discrete Time Markov chains, which are used to predict and compute the system over all vulnerability.
Subject Keywords
Security
,
Software Architecture
,
Mozilla Firefox Browser
,
Markov chains
URI
https://hdl.handle.net/11511/67692
Journal
APPLIED MATHEMATICS & INFORMATION SCIENCES
DOI
https://doi.org/10.12785/amis/080228
Collections
Engineering, Article
Suggestions
OpenMETU
Core
A method for product defectiveness prediction by using process enactment data in a small software organization
Sivrioğlu, Damla; Demirörs, Onur; Tarhan, Ayça; Department of Information Systems (2012)
As a part of the quality management, product defectiveness prediction is vital for small software organizations as for instutional ones. Although for defect prediction there have been conducted a lot of studies, process enactment data cannot be used because of the difficulty of collection. Additionally, there is no proposed approach known in general for the analysis of process enactment data in software engineering. In this study, we developed a method to show the applicability of process enactment data for...
An Ontology based approach to requirements reuse problem in software product lines
Karataş, Elif Kamer; Birtürk, Ayşenur; Department of Computer Engineering (2012)
With new paradigms in software engineering such as Software Product Lines, scope of reuse is enlarged from implementation upto design, requirements, test-cases, etc. In this thesis an ontology-based approach is proposed as a solution to systematic requirement reuse problem in software product lines, and the approach is supported with a reuse automation tool. A case study is performed on the projects of an industrial software product line using hereby proposed solution and then based on the evaluated metrics...
A framework for qualitative assessment of domain-specific languages
Kahraman, Gokhan; Bilgen, Semih (Springer Science and Business Media LLC, 2015-10-01)
Domain-specific languages (DSLs) are used for improving many facets of software development, but whether and to what extent this aim is achieved is an important issue that must be addressed. This paper presents a proposal for a Framework for Qualitative Assessment of DSLs (FQAD). FQAD is used for determining the perspective of the evaluator, understanding the goal of the assessment and selecting fundamental DSL quality characteristics to guide the evaluator in the process. This framework adapts and integrat...
A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Sonmez, Ferda Ozdemir; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to the enterprises. One of the key challenges is to identify the optimal set of precautions with limited budget. Despite the fact that majority of enterprises have a budget constraint for installing and maintaining the protection systems, the majority of the previous work only focus on prioritization of security targets and do not consider the preventative actions and budget constraints. ...
A size measurement method for Enterprise Applications
Ömüral, Neslihan Küçükateş; Demirörs, Onur (2022-01-01)
Enterprise Applications are known as one of the best practices of software reuse. They are complex applications, including most of the business processes. In this domain, size measurements and effort predictions are mostly performed in an ad-hoc fashion, and they frequently suffer from schedule and budget overruns. We developed a size measurement method for Enterprise Applications and explained this novel method in this paper. We categorized transactions as “unchanged”, “changed”, and “new” in this method. ...
Citation Formats
IEEE
ACM
APA
CHICAGO
MLA
BibTeX
A. Isazadeh, I. Elgedawy, J. Karimpour, and H. Izadkhah, “An Analytical Security Model for Existing Software Systems,”
APPLIED MATHEMATICS & INFORMATION SCIENCES
, pp. 691–702, 2014, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/67692.
