Empirical relation between coupling and attackability in software systems:: a case study on DOS

  • Authors:

  • Michael Yanguo Liu;Issa Traore

  • Affiliations:

  • University of Victoria, Victoria BC V8W 3P6, Canada;University of Victoria, Victoria BC V8W 3P6, Canada

  • Venue:
  • Proceedings of the 2006 workshop on Programming languages and analysis for security
  • Year:
  • 2006

Quantified Score

Hi-index 0.00

Visualization

Abstract

Over the last decades, software quality attributes such as maintainability, reliability, and understandability have been widely studied. In contrast, less attention has been paid to the field of software security. Attackability is a concept proposed recently in the research literature t to measure the extent that a software system or service could be the target of successful attacks. Like most external attributes, attackability is to some extent disconnected from the internal of software products. To improve the quality of software products we need to be able to affect its internal features. So, for attackability measures to be useful for software products enhancement, we need to identify related internal software attributes. We study in this paper the empirical relationship between attackability as an external software quality attribute with coupling as an internal software attribute. Specifically, we use a case study based on denial of service (DOS) attacks conducted against a on line medical record keeping system. Through regression analysis, we establish that there is a strong correlation between attackability and coupling.