A Three-Dimensional Model for Software Security Evaluation

Zhuobing Han; Xiaohong Li; Ruitao Feng; Jing Hu; Guangquan Xu; Zhiyong Feng

doi:10.1109/TASE.2014.31

Back

Conference proceeding

A Three-Dimensional Model for Software Security Evaluation

Zhuobing Han, Xiaohong Li, Ruitao Feng, Jing Hu, Guangquan Xu and Zhiyong Feng

2014 Theoretical Aspects of Software Engineering Conference, pp.34-41

Theoretical Aspects of Software Engineering Conference, 2014 (Changsha, China, 01/09/2014 - 03/09/2014)

2014

DOI: https://doi.org/10.1109/TASE.2014.31

Metrics

1 Record Views

Abstract

Analytical models

Capability maturity model

Common Criteria

Evidence

Security

Software

Software Life Cycle

Software Security Evaluation

Solid modeling

Testing

Three-Dimensional Model

Uncertainty

Software security evaluation is considered as a significant and indispensible activity in all phases of software development lifecycle, and there are also many factors that should be taken into account such as the environment, risks, and development documents. Despite the achievements of the past several decades, there is still a lack of methodology in evaluating software security systematically. In this paper, we propose a comprehensive model for evaluating the software security from three different but complementary points of view: technology, management and engineering. The technological dimension is 7 security levels based on Evaluation Assurance Levels (EALs) from ISO/IEC15408, the management dimension mainly concerns the management of software infrastructures, development documents and risks, and the engineering dimension focuses on 5 stages of software development lifecycle. Experts evaluate software security through the evidence items which are collected from these three dimensions and provide their assessments. Relying on Analytic Hierarchy Process (AHP) and Dempster-Shafer Evidence Theory, assessments obtained from the experts can be combined and merged to get a score which presents the security degree of software. A case study illustrates how the evaluators may use the proposed approach to evaluate security of their system.

Details

Title: A Three-Dimensional Model for Software Security Evaluation
Creators: Zhuobing Han - Tianjin University
Xiaohong Li - Tianjin University
Ruitao Feng - Tianjin University
Jing Hu - Tianjin University
Guangquan Xu - Tianjin University
Zhiyong Feng - Tianjin University
Publication Details: 2014 Theoretical Aspects of Software Engineering Conference, pp.34-41
Conference: Theoretical Aspects of Software Engineering Conference, 2014 (Changsha, China, 01/09/2014 - 03/09/2014)
Publisher: IEEE
Identifiers: 991013214582602368
Academic Unit: Information Technology; Faculty of Science and Engineering
Language: English
Resource Type: Conference proceeding

A Three-Dimensional Model for Software Security Evaluation

Related links

Metrics

Abstract

Details

Southern Cross University Social media