
Assessing security properties of software components: A software engineer's perspective

conference contribution
posted on 2024-07-11, 12:23 authored by Khaled M. Khan, Jun Han
The paper proposes an assessment scheme for the security properties of software components. The proposed scheme consists of three stages: (i) a system-specific security requirement specification of the enclosing application; (ii) a component-specific security rating; and (iii) an evaluation method for the scored security properties of the candidate component. The assessment scheme ultimately provides a numeric score indicating a relative strength of the security properties of the candidate component. The scheme is partially based on ISO/IEC 15408, the Common Criteria for Information Technology Security Evaluation (CC) and the Multi-Element Component Comparison and Analysis (MECCA) model. The scheme is flexible enough for software engineers to use in order to get a first-hand preliminary assessment of the security posture of candidate components.

History

Available versions

PDF (Published version)

ISBN

769525512

Journal title

Proceedings of the Australian Software Engineering Conference, ASWEC

Conference name

The Australian Software Engineering Conference, ASWEC

Volume

2006

Pagination

9 pp

Publisher

IEEE

Copyright statement

Copyright © 2006 IEEE. The published version is reproduced in accordance with the copyright policy of the publisher. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

Language

eng
