Measuring Software Security using MACOQR (Misuse and Abuse Case Oriented Quality Requirement) Metrics: Defensive Perspective

C. Banerjee; Arpita Banerjee; P. D. Murarka

Call for Paper

June Edition

IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper

Know more

The week's pick

Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin

Random Articles

Process Optimization Time for a Service in 4G Network by SNMP Monitoring and IaaS Cloud Computing

August

2013

An Implementation and Comparative Analysis of PID Controller and their Auto Tuning Method for Three Tank Liquid Level Control

May

2011

Towards Standardization of Deregulated Electricity Market Communications in Nigeria

November

2015

An Analysis of Wide-Area Networks

Oct

2016

Reseach Article

Measuring Software Security using MACOQR (Misuse and Abuse Case Oriented Quality Requirement) Metrics: Defensive Perspective

by C. Banerjee, Arpita Banerjee, P. D. Murarka

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 93 - Number 18

Year of Publication: 2014

Authors: C. Banerjee, Arpita Banerjee, P. D. Murarka

10.5120/16439-6213

C. Banerjee, Arpita Banerjee, P. D. Murarka . Measuring Software Security using MACOQR (Misuse and Abuse Case Oriented Quality Requirement) Metrics: Defensive Perspective. International Journal of Computer Applications. 93, 18 ( May 2014), 47-54. DOI=10.5120/16439-6213

@article{ 10.5120/16439-6213,

author = { C. Banerjee, Arpita Banerjee, P. D. Murarka },

title = { Measuring Software Security using MACOQR (Misuse and Abuse Case Oriented Quality Requirement) Metrics: Defensive Perspective },

journal = { International Journal of Computer Applications },

issue_date = { May 2014 },

volume = { 93 },

number = { 18 },

month = { May },

year = { 2014 },

issn = { 0975-8887 },

pages = { 47-54 },

numpages = {9},

url = { https://ijcaonline.org/archives/volume93/number18/16439-6213/ },

doi = { 10.5120/16439-6213 },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Journal Article

%1 2024-02-06T22:16:07.014209+05:30

%A C. Banerjee

%A Arpita Banerjee

%A P. D. Murarka

%T Measuring Software Security using MACOQR (Misuse and Abuse Case Oriented Quality Requirement) Metrics: Defensive Perspective

%J International Journal of Computer Applications

%@ 0975-8887

%V 93

%N 18

%P 47-54

%D 2014

%I Foundation of Computer Science (FCS), NY, USA

Abstract

The present age, software is exploited and the understanding of increasing extent of risk exposure as a result is rarely developed. Security should be incorporate right from the requirements phase so that the security is inbuilt and properly incorporated into the software in development. To establish the fact that a process is improving or not is a matter that seems impossible without obtaining the measurements. Security requirements can be defined and developed using a no. of techniques like fault tree analysis, failure mode and effect analysis, threat modeling, misuse / abuse cases, attack tree etc. The obtained requirements are qualitative hence they needs to be converted into quantitative measure using some metrics. Security metrics is defined as quantifiable measures which show how much security a product or process simply possess and is normally built from the low level physical measures and at high level they can be considered as quantifiable measurements of some aspect of the system. Certain Object Oriented modeling techniques like Misuse case, Use case Abuse case are very helpful in incorporating security requirements in the early stages of software development phases. ie requirement phase. In this paper, MACOQR metrics from defensive perspective is proposed whose aim is to measure the predicated and observed ratio of flaw and flawlessness in modeling of misuse cases during requirements engineering phase. The measures and ratios obtained may help the requirements engineering team to plan eliminate defects of misuse case modeling during the requirements engineering phase.

References

Gary McGraw: "Software Security – Building Security In", Addison-Wesley Professional, 2006 ISBN 0321356705.
Bart De Win, et. al. : "On the secure software development process: CLASP, SDL and Touchpoints compared", Journal of Information and Software Technology, Elsevier, Volume 51 Issue 7, July, 2009, pp 1152-1711.
Gary McGraw: "BSIMM: Building Security In Maturity Model", OWASP, June 2012 downloadable from https://www. owasp. org/images/3/37/OWASP-BSIMM-061412. pdf.
George Jelen: SSE-CMM Security Metrics, 2000 downloadable from http://csrc. nist. gov/csspab/june13-15/jelen. pdf.
C. Banerjee, S. K. Pandey (2009): "Software Security Rules: SDLC Perspective", International Journal of Computer Science and Information Security, IJCSIS, USA, Vol. 6, No. 1, October 2009, pp. 123-128.
Sindre, Guttorm, and Andreas L. Opdahl: "Eliciting security requirements with misuse cases", Requirements Engineering 10. 1, Springer, 2005 pp34-44.
Chun Wei, Sia: "Misuse Cases and Abuse Cases in Eliciting Security Requirements", System Security: COMPSCI 725, The University of Auckland, New Zealand, 2005 downloadable from www. cs. auckland. ac. nz/compsci725s2c/archive/termpapers/csia. pdf.
Joshua Pauli, Dianxiang Xu, "Misuse Case-Based Design and Analysis of Secure Software Architecture", International Symposium on Information Technology: Coding and Computing (ITCC 2005), Volume 2, 4-6 April 2005, Las Vegas, Nevada, USA. IEEE Computer Society 2005.
Smriti Jain, Maya Ingle: Review of Security Metrics in Software Development Process, International Journal of Computer Science and Information Technologies, Vol. 2 (6), 2011, ISSN 0975-9646, pp 2627-2631

Index Terms

Computer Science

Information Sciences

Keywords

Software Security Security Requirements Requirements Engineering Security Metrics Software Metrics Software Security Metrics.