DocumentCode
2759605
Title
Adaptive and quantitative comparison of J2EE vs. .NET based on attack surface metric
Author
Nasiri, Sarvieh ; Azmi, Reza ; Khalaj, Reza
Author_Institution
Inf. Technol., Malek Ashtar Univ., Tehran, Iran
fYear
2010
fDate
4-6 Dec. 2010
Firstpage
199
Lastpage
205
Abstract
Development platforms have an important role in software´s development and production. Prior work has shown that a system´s attack surface measurement serves as a reliable proxy for security of similar software systems. A key challenge in attack surface measurement method is the estimation of the damage potential ratio. In our approach, it is applied Common Vulnerability Scoring System (CVSS) as a reliable metrics than the prior work. We show that, the attack surface of .NET platform is less than J2EE. Since only part of development environment is applied, so measuring the actual attack surface is depended on usage.
Keywords
Java; industrial property; network operating systems; software metrics; software reliability; .NET; CVSS; J2EE; common vulnerability scoring system; reliable proxy; software development; software system security; system attack surface measurement; Authentication; Servers; Software systems; Weight measurement; CVSS; attack surface; attack vector; damage potential-effort;
fLanguage
English
Publisher
ieee
Conference_Titel
Telecommunications (IST), 2010 5th International Symposium on
Conference_Location
Tehran
Print_ISBN
978-1-4244-8183-5
Type
conf
DOI
10.1109/ISTEL.2010.5734024
Filename
5734024
Link To Document