A comparison of software design security metrics

Authors:
Daniel Mellado;Eduardo Fernández-Medina;Mario Piattini
Affiliations:
University of Castilla-La Mancha., Toledo, Spain;University of Castilla-La Mancha., Ciudad Real, Spain;University of Castilla-La Mancha., Ciudad Real, Spain
Venue:
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Year:
2010

Citing 13
Cited 1

UMLsec: Extending UML for Secure Systems Development

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
Information security models and metrics

Proceedings of the 43rd annual Southeast regional conference - Volume 2
Is risk a good security metric?

Proceedings of the 2nd ACM workshop on Quality of protection
A common criteria based security requirements engineering process for the development of secure information systems

Computer Standards & Interfaces
Security metrics for source code structures

Proceedings of the fourth international workshop on Software engineering for secure systems
Experimental comparison of attack trees and misuse cases for security threat identification

Information and Software Technology
Security metrics for software systems

Proceedings of the 47th Annual Southeast Regional Conference
Security Estimation Framework: Design Phase Perspective

ITNG '09 Proceedings of the 2009 Sixth International Conference on Information Technology: New Generations
Designing secure databases

Information and Software Technology
Security Metrics for Object-Oriented Class Designs

QSIC '09 Proceedings of the 2009 Ninth International Conference on Quality Software
M-BPSec: a method for security requirement elicitation from a UML 2.0 business process specification

ER'07 Proceedings of the 2007 conference on Advances in conceptual modeling: foundations and applications
Secure Systems Development with UML

Secure Systems Development with UML

Estimating risk levels for vulnerability categories using CVSS

International Journal of Internet Technology and Secured Transactions

Quantified Score

Hi-index	0.00

Visualization

Abstract

A lack of security metrics signifies that it is not possible to measure the success of security policies, mechanisms and implementations, and security cannot, in turn, be improved if it cannot be measured. The importance of the use of metrics to obtain security quality is thus widely accepted. However, the definition of security metrics concerns a discipline which is still in its first stages of development, meaning that few documented resources or works centring on this subject exist to date. In this paper we shall therefore study the latest existing models with which to define security metrics and their components as aspects that have a bearing on the quality of software products with the intention that this will serve as a basis for continued advancement in research into this area of knowledge.