• DocumentCode
    3540649
  • Title

    Measuring security requirements for software security

  • Author

    Islam, Shareeful ; Falcarin, Paolo

  • Author_Institution
    Sch. of Comput., IT & Eng., Univ. of East London, London, UK
  • fYear
    2011
  • fDate
    1-2 Sept. 2011
  • Firstpage
    70
  • Lastpage
    75
  • Abstract
    For the last decade, software security has gained attention from industry, experts and all other communities. Secure software is about mitigating risks from assets to achieve business goals. Security depends heavily on the context where software is deployed. But measuring software security, even within a specific context, is still not mature. This is because properties and metrics for measuring security are not properly defined, and methods are lacking to provide a complete picture for measuring software security. Here we identify security requirements through an asset-based risk management process to describe the software security goal. Then, based on the Goal-Question-Metric approach, the identified security requirements are evaluated for measuring software security.
  • Keywords
    business data processing; formal specification; risk management; security of data; software metrics; asset based risk management; business goal; goal-question-metric approach; risk mitigation; secure software; security metrics; security requirement; software security goal; software security measurement; Authentication; Authorization; Availability; Software; Software measurement; Security metrics; security goal; security requirements; software security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Cybernetic Intelligent Systems (CIS), 2011 IEEE 10th International Conference on
  • Conference_Location
    London
  • Print_ISBN
    978-1-4673-0687-4
  • Type

    conf

  • DOI
    10.1109/CIS.2011.6169137
  • Filename
    6169137