DocumentCode :
2759605
Title :
Adaptive and quantitative comparison of J2EE vs. .NET based on attack surface metric
Author :
Nasiri, Sarvieh ; Azmi, Reza ; Khalaj, Reza
Author_Institution :
Inf. Technol., Malek Ashtar Univ., Tehran, Iran
fYear :
2010
fDate :
4-6 Dec. 2010
Firstpage :
199
Lastpage :
205
Abstract :
Development platforms have an important role in software´s development and production. Prior work has shown that a system´s attack surface measurement serves as a reliable proxy for security of similar software systems. A key challenge in attack surface measurement method is the estimation of the damage potential ratio. In our approach, it is applied Common Vulnerability Scoring System (CVSS) as a reliable metrics than the prior work. We show that, the attack surface of .NET platform is less than J2EE. Since only part of development environment is applied, so measuring the actual attack surface is depended on usage.
Keywords :
Java; industrial property; network operating systems; software metrics; software reliability; .NET; CVSS; J2EE; common vulnerability scoring system; reliable proxy; software development; software system security; system attack surface measurement; Authentication; Servers; Software systems; Weight measurement; CVSS; attack surface; attack vector; damage potential-effort;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Telecommunications (IST), 2010 5th International Symposium on
Conference_Location :
Tehran
Print_ISBN :
978-1-4244-8183-5
Type :
conf
DOI :
10.1109/ISTEL.2010.5734024
Filename :
5734024
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2759605
بازگشت