Title :
Using Security Patterns to Combine Security Metrics
Author :
Heyman, Thomas ; Scandariato, Riccardo ; Huygens, Christophe ; Joosen, Wouter
Author_Institution :
Dept. of Comput. Sci., DistriNet, Leuven
Abstract :
Measuring security is an important step in creating and deploying secure applications. In order to efficiently measure the level of security that an application provides, three problems need to be solved: obviously metrics need to be available, a suitable metrics framework needs to be chosen and implemented, and the resulting measurements need to be interpreted. This work focuses on the second and third problem. We propose an approach to facilitate the selection and integration of appropriate security metrics, and to support the aggregation and interpretation of measurements. Our approach associates security metrics to security patterns, and we exploit the relationships between security patterns and security objectives to enable the interpretation of measurements. The approach is illustrated in a case study.
Keywords :
security of data; software metrics; measurement interpretation; security metrics; security patterns; software security; Application software; Authentication; Availability; Computer science; Computer security; Measurement units; Runtime; Software design; Software engineering; Software packages; Security metrics; security patterns;
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.54
