Security metrics to improve misuse case model

Author

Abdulrazeg, Ala A. ; Norwawi, Norita Md ; Basir, Nurlida

Author_Institution

Fac. of Sci. & Technol., Univ. Sains Islam Malaysia, Nilai, Malaysia

fYear

2012

fDate

26-28 June 2012

Firstpage

94

Lastpage

99

Abstract

Assessing security at an early stage of the web application development life cycle helps to design a secure system that can withstand malicious attacks. Measuring security at the requirement stage of the system development life cycle assists in mitigating vulnerabilities and increasing the security of the developed system, which reduces cost and rework. In this paper, we present a security metrics model based on the Goal Question Metric approach, focusing on the design of the misuse case model. The security metrics model assists in examining the misuse case model to discover and fix defects and vulnerabilities before moving to the next stages of system development. The presented security metrics are based on the OWASP top 10-2010, in addition to misuse case modelling antipattern.

Keywords

Internet; security of data; OWASP top 10-2010; Web application development life cycle; goal question metric approach; malicious attacks; misuse case model design; misuse case model improvement; misuse case modelling antipattern; security metrics model; Authentication; Electromagnetic compatibility; Object oriented modeling; Software; Software measurement; Measurement; Misuse case; Security Metrics; Security Requirements; Web Application Security Risks;

fLanguage

English

Publisher

ieee

Conference_Titel

Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on

Conference_Location

Kuala Lumpur

Print_ISBN

978-1-4673-1425-1

Type

conf

DOI

10.1109/CyberSec.2012.6246129

Filename

6246129