Abstract
The paper proposes an assessment scheme for the security properties of software components. The proposed scheme consists of three stages: (i) a system-specific security requirement specification of the enclosing application; (ii) a component-specific security rating; and (iii) an evaluation method for the scored security properties of the candidate component. The assessment scheme ultimately provides a numeric score indicating a relative strength of the security properties of the candidate component. The scheme is partially based on ISO/IEC 15408, the Common Criteria for Information Technology Security Evaluation (CC) and the Multi-Element Component Comparison and Analysis (MECCA) model. The scheme is flexible enough for software engineers to use in order to get a first-hand preliminary assessment of the security posture of candidate components.
Original language | English |
---|---|
Title of host publication | IEEE Australian Software Engineering Conference, 2006 |
Publisher | IEEE |
Number of pages | 12 |
ISBN (Print) | 0769525512 |
Publication status | Published - 2006 |
Event | Australian Software Engineering Conference - Duration: 1 Jan 2006 → … |
Conference
Conference | Australian Software Engineering Conference |
---|---|
Period | 1/01/06 → … |
Keywords
- computer security
- evaluation
- information technology
- security measures
- software engineering