Assessing security properties of software components: a software engineer´s perspective

Author

Khan, Khaled M. ; Han, Jun

Author_Institution

Sch. of Comput. & Math., Univ. of Western Sydney, Penrith, NSW

fYear

2006

Lastpage

210

Abstract

The paper proposes an assessment scheme for the security properties of software components. The proposed scheme consists of three stages: (i) a system-specific security requirement specification of the enclosing application; (ii) a component-specific security rating; and (iii) an evaluation method for the scored security properties of the candidate component. The assessment scheme ultimately provides a numeric score indicating a relative strength of the security properties of the candidate component. The scheme is partially based on ISO/IEC 15408, the Common Criteria for Information Technology Security Evaluation (CC) and the Multi-Element Component Comparison and Analysis (MECCA) model. The scheme is flexible enough for software engineers to use in order to get a first-hand preliminary assessment of the security posture of candidate components

Keywords

formal specification; formal verification; object-oriented programming; security of data; Common Criteria for Information Technology Security Evaluation; ISO/IEC 15408; MultiElement Component Comparison and Analysis model; candidate component; component-specific security rating; software component security properties assessment scheme; software engineer perspective; system-specific security requirement specification; Application software; Australia; Communication system security; Communications technology; IEC standards; ISO standards; Information security; Mathematics; Paper technology; Software engineering;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Engineering Conference, 2006. Australian

Conference_Location

Sydney, NSW

ISSN

1530-0803

Print_ISBN

0-7695-2551-2

Type

conf

DOI

10.1109/ASWEC.2006.13

Filename

1615053