Intangible elements, such as the value ranges of software security properties (e.g., confidentiality, integrity and availability), can be seen as resources for enforcing software security. There are no standard units for these properties, which makes measuring them difficult. On the other hand, we can measure or estimate priorities for intangible elements from tangible ones, since their priorities are proportional. The priorities of tangible resources can be used to assign values to the priorities of intangible resources through the experience of the analysts involved. In this paper, we present a theoretical process based on mathematical constructs to score the priority of, and estimate measures for, software security attributes. This process decomposes complex systems into simpler and smaller systems, allowing the estimation of properties that support the understanding and measurement of software security properties. Our results provide a model for access security; the priority score of the security attributes is calculated using the AHP (Analytic Hierarchy Process) methodology. We illustrate the application of our approach in a Web management system for governmental research institutions, presenting results that may support managers in the prioritization, evaluation and management of security requirements for Web applications.
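As an added illustration (not code from the paper), the AHP step the abstract refers to: deriving a priority score for confidentiality, integrity and availability from an analyst's pairwise judgments and checking the judgments' consistency. The judgment values are constructed, and the random-index table is the standard Saaty table assumed for a plain AHP setup.

```python
# Added example: AHP priority scoring for the three security attributes named in
# the abstract. Pairwise judgments below are constructed, not the paper's data.
import math

ATTRIBUTES = ["confidentiality", "integrity", "availability"]

# Saaty's random consistency index for matrix sizes 1..10 (standard AHP table).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}

def pairwise_matrix(judgments, n):
    """Build a reciprocal n x n matrix from {(i, j): v}, meaning
    'attribute i is v times as important as attribute j'; m[j][i] = 1/v."""
    m = [[1.0] * n for _ in range(n)]
    for (i, j), v in judgments.items():
        m[i][j] = float(v)
        m[j][i] = 1.0 / v
    return m

def priority_vector(m):
    """Approximate the principal eigenvector with normalised row geometric means."""
    n = len(m)
    gm = [math.prod(row) ** (1.0 / n) for row in m]
    total = sum(gm)
    return [g / total for g in gm]

def consistency_ratio(m, w):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1); CR < 0.1 is acceptable."""
    n = len(m)
    aw = [sum(m[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    ri = RANDOM_INDEX[n]
    return 0.0 if ri == 0 else ci / ri

def score_attributes(judgments, names=ATTRIBUTES):
    """Return ({attribute: priority}, consistency_ratio) for one judgment set."""
    m = pairwise_matrix(judgments, len(names))
    w = priority_vector(m)
    return dict(zip(names, w)), consistency_ratio(m, w)

# Constructed judgments: C is 3x as important as I and 5x as A; I is 2x A.
SAMPLE_JUDGMENTS = {(0, 1): 3, (0, 2): 5, (1, 2): 2}

if __name__ == "__main__":
    scores, cr = score_attributes(SAMPLE_JUDGMENTS)
    for name, w in scores.items():
        print(f"{name:16s} {w:.3f}")
    verdict = "acceptable" if cr < 0.1 else "revise judgments"
    print(f"consistency ratio {cr:.3f} ({verdict})")
```

The consistency ratio is the check a practitioner wants before trusting the ranking: a set of judgments that contradicts itself (A over B, B over C, C over A) produces a high CR and should be revisited with the analysts.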