Assessing Security Properties of Software Components: A Software Engineer?s Perspective

Sydney, Australia April 18-April 21

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ASWEC.2006.13

Australian Software Engineering Confe ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Khaled M. Khan Articles by Jun Han

	ASCII Text	x
	Khaled M. Khan, Jun Han, "Assessing Security Properties of Software Components: A Software Engineer?s Perspective," Australian Software Engineering Conference, pp. 199-210, Australian Software Engineering Conference (ASWEC'06), 2006.

	BibTex	x
	@article{ 10.1109/ASWEC.2006.13, author = {Khaled M. Khan and Jun Han}, title = {Assessing Security Properties of Software Components: A Software Engineer?s Perspective}, journal ={Australian Software Engineering Conference}, volume = {0}, year = {2006}, issn = {1530-0803}, pages = {199-210}, doi = {http://doi.ieeecomputersociety.org/10.1109/ASWEC.2006.13}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Australian Software Engineering Conference TI - Assessing Security Properties of Software Components: A Software Engineer?s Perspective SN - 1530-0803 SP199 EP210 A1 - Khaled M. Khan, A1 - Jun Han, PY - 2006 KW - null VL - 0 JA - Australian Software Engineering Conference ER -

Khaled M. Khan, University of Western Sydney, Australia

Jun Han, Swinburne University of Technology, Australia

The paper proposes an assessment scheme for the security properties of software components. The proposed scheme consists of three stages: (i) a system-specific security requirement specification of the enclosing application; (ii) a component-specific security rating; and (iii) an evaluation method for the scored security properties of the candidate component. The assessment scheme ultimately provides a numeric score indicating a relative strength of the security properties of the candidate component. The scheme is partially based on ISO/IEC 15408, the Common Criteria for Information Technology Security Evaluation (CC) and the Multi-Element Component Comparison and Analysis (MECCA) model. The scheme is flexible enough for software engineers to use in order to get a first-hand preliminary assessment of the security posture of candidate components.

Citation:

Khaled M. Khan, Jun Han, "Assessing Security Properties of Software Components: A Software Engineer?s Perspective," aswec, pp.199-210, Australian Software Engineering Conference (ASWEC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.