Security metrics for source code structures

Software security metrics are measurements that assess the security-related imperfections (or perfections) introduced during software development. A number of security metrics have been proposed; however, not all perspectives of a software system have received specific attention. While most security metrics evaluate software from a system-level perspective, it can also be useful to analyze defects at a lower level, i.e., at the source code level. To address this gap, we propose code-level security metrics that can be used to indicate the level of security of a code segment. We provide guidelines on where and how these metrics can be used to improve source code structures, and we have conducted two case studies to demonstrate the applicability of the proposed metrics.
