Assessing security properties of software components : a software engineer's perspective

Khaled M. Khan, Jun Han

    Research output: Chapter in Book / Conference Paper (Conference Paper)

    Abstract

    The paper proposes an assessment scheme for the security properties of software components. The proposed scheme consists of three stages: (i) a system-specific security requirement specification of the enclosing application; (ii) a component-specific security rating; and (iii) an evaluation method for the scored security properties of the candidate component. The assessment scheme ultimately provides a numeric score indicating a relative strength of the security properties of the candidate component. The scheme is partially based on ISO/IEC 15408, the Common Criteria for Information Technology Security Evaluation (CC) and the Multi-Element Component Comparison and Analysis (MECCA) model. The scheme is flexible enough for software engineers to use in order to get a first-hand preliminary assessment of the security posture of candidate components.
    Original language: English
    Title of host publication: IEEE Australian Software Engineering Conference, 2006
    Publisher: IEEE
    Number of pages: 12
    ISBN (Print): 0769525512
    Publication status: Published - 2006
    Event: Australian Software Engineering Conference -
    Duration: 1 Jan 2006 → …

    Conference

    Conference: Australian Software Engineering Conference
    Period: 1/01/06 → …

    Keywords

    • computer security
    • evaluation
    • information technology
    • security measures
    • software engineering
