Title :
A threatened-based software security evaluation method
Author :
Razian, Mohammad Reza ; Sangchi, Hasan Mokhtari
Author_Institution :
Dept. of Comput. Eng., Sharif Univ. of Technol., Tehran, Iran
Abstract :
Nowadays, security evaluation of software is a substantial matter in software world. Security level of software will be determined by wealth of data and operation which it provides for us. The security level is usually evaluated by a third party, named Software Security Certification Issuance Centers. It is important for software security evaluators to perform a sound and complete evaluation, which is a complicated process considering the increasing number of emerging threats. In this paper we propose a Threatened-based Software Security Evaluation method to improve the security evaluation process of software. In this method, we focus on existing threatened entities of software which in turn result in software threats and their corresponding controls and countermeasures. We also demonstrate a Security Evaluation Assistant (SEA) tool to practically show the effectiveness of our evaluation method.
Keywords :
security of data; software performance evaluation; software tools; SEA; security evaluation assistant tool; software security certification issuance centers; software threats; threatened-based software security evaluation method; Certification; Feature extraction; Organizations; Security; Software; Standards; Vectors; Assessment; Control; Evaluation; Security; Security Certification; Software; Software Security; Threat; Threatened;
Conference_Titel :
Information Security and Cryptology (ISCISC), 2014 11th International ISC Conference on
Conference_Location :
Tehran
DOI :
10.1109/ISCISC.2014.6994034
