Analysis and Evaluating Security of Component-Based Software Development: A Security Metrics Framework

Mir, Irshad Ahmad; Quadri, S. M. K.

doi:10.5815/ijcnis.2012.11.03

Cited by 11 publications

(5 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Nonetheless, the task of embedding dependability attributes into the software component development process is less challenging than the task of evaluating the dependability of these attributes [20] because the requirements of dependability attributes must be specified during the early stages of software component development, along with the complex nature of the operational environment itself. A well-established scale that can measure the dependability of a software component remains difficult to establish in the research community [21].…”

Section: Introductionmentioning

confidence: 99%

2DCBS: A Model for Developing Dependable Component-Based Software

Kahtan

Nordin

et al. 2016

Preprint

View full text Add to dashboard Cite

The software industry has adopted component-based software development (CBSD) to rapidly build and deploy large and complex software systems with significant savings at minimal engineering effort, cost, and time. However, CBSD encounters issues on security trust, mainly with respect to dependability attributes. A system is considered dependable when it can produce the outputs for which it was designed with no adverse effect on its intended environment. Dependability consists of several attributes that imply availability, confidentiality, integrity, reliability, safety, and maintainability. Dependability attributes must be embedded in a CBSD model to develop dependable component software. Motivated by the importance of these attributes, this paper pursues two objectives: to design a model for developing a dependable system that mitigates the vulnerabilities of software components, and to evaluate the proposed model. The model proposed in this study is labelled as developing dependable component-based software (2DCBS). To develop this model, the CBSD architectural phases and processes must be framed and the six dependability attributes embedded according to the best practice method. The expert opinion approach was applied to evaluate 2DCBS framing. In addition, the 2DCBS model was applied to the development of an information communication technology (ICT) portal through an empirical study method. Vulnerability assessment tools (VATs) were employed to verify the dependability attributes of the developed ICT portal. Results show that the 2DCBS model can be adopted to develop web application systems and to mitigate the vulnerabilities of the developed systems. This study contributes to CBSD and facilitates the specification and evaluation of dependability attributes throughout model development. Furthermore, the reliability of the dependable model can increase confidence in the use of CBSD for industries.

show abstract

Section: Introductionmentioning

confidence: 99%

2DCBS: A Model for Developing Dependable Component-Based Software

Kahtan

Nordin

et al. 2016

Preprint

View full text Add to dashboard Cite

show abstract

“…Generally Third party verifiers [3] [12] are used to manage these services between cloud and client system. Though there are various third parties are available as an individual in managing the transmission of the data, there is a need for an integrated security [1] model to provide secured transaction between cloud and client system. Among those verifiers, the third party accounting system is used to examine and verify the data sharing in the storage to ensure that the unauthorized person do not access the information.…”

Section: Introductionmentioning

confidence: 99%

A Smart and Generic Secured Storage Model for Web based Systems

Iyappan¹,

Venkatesan²

2014

IJCNIS

View full text Add to dashboard Cite

Nowadays, Recent developments shows that, Cloud computing is a milestone in delivering IT services based on the Internet. Storage as a Service is a type of business model which rents storage space for smaller companies or even for individuals. The vendors are targeting secondary storage by promoting this service which allows a convenient way of managing backups instead of maintaining a large tape library. The key advantage of using Storage service is cost savings of hardware and physical storage spaces. In securing Storage as a Service model, there is a need for a middleware to monitor the data transmission among cloud storage and various clients. The objective of the system aims at developing a smart and integrated dynamic secured storage model which acts as a middleware in supporting all the primary security goals such as confidentiality, data integrity, and accountability. This proposed model will provide secured data dynamics, access controls and auditability. The secured data dynamics is done by Boneh Franklin-Identity Based Cryptography. This model enhances the accounting model in adding indexing policies and provides security in the audit logs through password based cryptography along with AES. This is a generic middleware assisting the basic security features for any cloud environment, so that it can be equipped for any type of system. The main advantage of the proposed system is to reduce the time complexity in encryption and decryption process and also to provide higher degree of security. We also leveraged the implementation of this middleware in a mail server environment with drive option which poses file storage and enables file sharing among the drive users.

show abstract

“…Many studies have stated that the only means to solve software vulnerability is to consider software security development (Khaled and Han, 2006;Kim, 2004;McGraw, 2004;Mir and Quadri, 2012;Simpson, 2012). However, efforts to measure and improve software security remain under investigation (Alberts et al, 2012;Colombo et al, 2012;Karen et al, 2006;Lai, 2012;Steward et al, 2012).…”

Section: Software Securitymentioning

confidence: 99%

Dependability Attributes for Increased Security in Component-Based Software Development

Kahtan

Bakar²,

Nordin³

2014

Journal of Computer Science

View full text Add to dashboard Cite

Existing software applications become increasingly distributed as their continuity and lifetimes are lengthened; consequently, the users' dependence on these applications is increased. The security of these applications has become a primary concern in their design, construction and evolution. Thus, these applications give rise to major concerns on the capability of the current development approach to develop secure systems. Component-Based Software Development (CBSD) is a software engineering approach. CBSD has been successfully applied in many domains. However, the CBSD capability to develop secure software applications is lacking to date. This study is an extension of the previous study on the challenges of the security features in CBSD models. Therefore, this study proposes a solution to the lack of security in CBSD models by highlighting the attributes that must be embedded into the CBSD process. A thorough analysis of existing studies is conducted to investigate the related software security attributes. The outcome analysis is beneficial for industries, such as software development companies, as well as for academic institutions. The analysis also serves as a baseline reference for companies that develop component-based software.

show abstract

Analysis and Evaluating Security of Component-Based Software Development: A Security Metrics Framework

Cited by 11 publications

References 21 publications

2DCBS: A Model for Developing Dependable Component-Based Software

2DCBS: A Model for Developing Dependable Component-Based Software

A Smart and Generic Secured Storage Model for Web based Systems

Dependability Attributes for Increased Security in Component-Based Software Development

Contact Info

Product

Resources

About