On the Relationship between Software Complexity and Security

This work discusses the complexity of software and demonstrates its relationship with security. Complexity is an essential part of software; however, numerous studies indicate that it increases the vulnerability of software systems and introduces bugs into programs. Many developers have difficulty understanding the complex components of software. Complexity increases when objects in the software are used to design a more complex object, creating hierarchical complexity in the system. Developers nevertheless need to strive for minimum complexity, because increased complexity introduces security risks in the software, which can cause severe monetary and reputational damage to a government or a private organization. It even causes bodily harm to human beings, with various examples from previous years in which security breaches led to severe consequences. Hence it is vital to maintain low complexity and a simple design structure. Various developers tend to introduce deliberate complexity into the system so that they do not have to write the same program twice; however, this is becoming problematic for software organizations as the demands of security continually increase.
