DocumentCode
3372046
Title
Catalog of Metrics for Assessing Security Risks of Software throughout the Software Development Life Cycle
Author
Sultan, Khalid ; En-Nouaary, Abdeslam ; Hamou-Lhadj, Abdelwahab
Author_Institution
Dept. of Electr. & Comput. Eng., Concordia Univ., Montreal, QC
fYear
2008
fDate
24-26 April 2008
Firstpage
461
Lastpage
465
Abstract
In this paper, we present a new set of metrics for building secure software systems. The proposed metrics aim to address security risks throughout the entire software development life cycle (SDLC). The importance of this work comes from the fact that assessing security risks at early stages of the development life cycle can help implement efficient solutions before the software is delivered to the customer. The proposed metrics are defined using the goal/question/metric method. It is anticipated that software engineers will use these metrics in combination with other techniques to detect security risks and prevent these risks from becoming reality. This work is part of a larger research project that aims at examining the concept of "Design for Security". The objective is to investigate software engineering techniques to support security requirements from the very beginning of the development process.
Keywords
safety-critical software; software metrics; software prototyping; design-for-security concept; secure software systems; security risk assessment metrics; software development life cycle; software engineering techniques; Application software; Computer security; Data security; IEC standards; ISO standards; Information security; Power system security; Programming; Software design; Software systems; Software security; design for security; security metrics; software development lifecycle;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Security and Assurance, 2008. ISA 2008. International Conference on
Conference_Location
Busan
Print_ISBN
978-0-7695-3126-7
Type
conf
DOI
10.1109/ISA.2008.104
Filename
4511611