Security metrics for source code structures

Authors:
Istehad Chowdhury;Brian Chan;Mohammad Zulkernine
Affiliations:
Queen's University, Kingston, Ontario, Canada;Queen's University, Kingston, Ontario, Canada;Queen's University, Kingston, Ontario, Canada
Venue:
Proceedings of the fourth international workshop on Software engineering for secure systems
Year:
2008

Citing 4
Cited 10

Assessing computer security vulnerability

ACM SIGOPS Operating Systems Review
Security in computing

Security in computing
A Metrics Suite for Object Oriented Design

IEEE Transactions on Software Engineering
Software Security: Building Security In

Software Security: Building Security In

The fourth international workshop on software engineering for secure systems: SESS'08 -- a trusted business world

Companion of the 30th international conference on Software engineering
A systematic method for generating quality requirements spectrum

Proceedings of the 2009 ACM symposium on Applied Computing
Spectrum Analysis for Quality Requirements by Using a Term-Characteristics Map

CAiSE '09 Proceedings of the 21st International Conference on Advanced Information Systems Engineering
Can complexity, coupling, and cohesion metrics be used as early indicators of vulnerabilities?

Proceedings of the 2010 ACM Symposium on Applied Computing
The fluid software metadata framework (FSM)

Proceedings of the 2nd ACM SIGCHI symposium on Engineering interactive computing systems
A comparison of software design security metrics

Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities

Journal of Systems Architecture: the EUROMICRO Journal
OO Vulnerability: Measuring the vulnerability of an object-oriented design

Network Security
SSL VPNs: SSL VPN and return on investment: A possible combination

Network Security
Improving software security using search-based refactoring

SSBSE'12 Proceedings of the 4th international conference on Search Based Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Software security metrics are measurements to assess security related imperfections (or perfections) introduced during software development. A number of security metrics have been proposed. However, all the perspectives of a software system have not been provided specific attention. While most security metrics evaluate software from a system-level perspective, it can also be useful to analyze defects at a lower level, i.e., at the source code level. To address this issue, we propose some code-level security metrics which can be used to suggest the level of security of a code segment. We provide guidelines about where and how these metrics can be used to improve source code structures. We have also conducted two case studies to demonstrate the applicability of the proposed metrics.