DocumentCode :
3372046
Title :
Catalog of Metrics for Assessing Security Risks of Software throughout the Software Development Life Cycle
Author :
Sultan, Khalid ; En-Nouaary, Abdeslam ; Hamou-Lhadj, Abdelwahab
Author_Institution :
Dept. of Electr. & Comput. Eng., Concordia Univ., Montreal, QC
fYear :
2008
fDate :
24-26 April 2008
Firstpage :
461
Lastpage :
465
Abstract :
In this paper, we present a new set of metrics for building secure software systems. The proposed metrics aim to address security risks throughout the entire software development life cycle (SDLC). The importance of this work comes from the fact that assessing security risks at early stages of the development life cycle can help implement efficient solutions before the software is delivered to the customer. The proposed metrics are defined using the goal/question/metric method. It is anticipated that software engineers will use these metrics in combination with other techniques to detect security risks and prevent these risks from becoming reality. This work is part of a larger research project that aims at examining the concept of "Design for Security". The objective is to investigate software engineering techniques to support security requirements from the very beginning of the development process.
Keywords :
safety-critical software; software metrics; software prototyping; design-for-security concept; secure software systems; security risk assessment metrics; software development life cycle; software engineering techniques; Application software; Computer security; Data security; IEC standards; ISO standards; Information security; Power system security; Programming; Software design; Software systems; Software security; design for security; security metrics; software development lifecycle;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Security and Assurance, 2008. ISA 2008. International Conference on
Conference_Location :
Busan
Print_ISBN :
978-0-7695-3126-7
Type :
conf
DOI :
10.1109/ISA.2008.104
Filename :
4511611