Measuring Software Security from the Design of Software
| Title | Measuring Software Security from the Design of Software |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Saarela, Marko, Hosseinzadeh, Shohreh, Hyrynsalmi, Sami, Leppänen, Ville |
| Conference Name | Proceedings of the 18th International Conference on Computer Systems and Technologies |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-5234-5 |
| Keywords | assurance, composability, computer security, evaluation, measuring security, Metrics, pubcrawl, Scalability, security metrics, software assurance, software design, software security |
| Abstract | With the increasing use of mobile phones in contemporary society, more and more networked computers are connected to each other. This has brought along security issues. To solve these issues, both research and development communities are trying to build more secure software. However, there is the question that how the secure software is defined and how the security could be measured. In this paper, we study this problem by studying what kinds of security measurement tools (i.e. metrics) are available, and what these tools and metrics reveal about the security of software. As the result of the study, we noticed that security verification activities fall into two main categories, evaluation and assurance. There exist 34 metrics for measuring the security, from which 29 are assurance metrics and 5 are evaluation metrics. Evaluating and studying these metrics, lead us to the conclusion that the general quality of the security metrics are not in a satisfying level that could be suitably used in daily engineering work flows. They have both theoretical and practical issues that require further research, and need to be improved. |
| URL | http://doi.acm.org/10.1145/3134302.3134334 |
| DOI | 10.1145/3134302.3134334 |
| Citation Key | saarela_measuring_2017 |