Empirical relation between coupling and attackability in software systems:: a case study on DOS

ACM Workshop on Programming Languages and Analysis for Security Pub Date : 2006-06-10 DOI:10.1145/1134744.1134756

M. Y. Liu, I. Traoré

{"title":"Empirical relation between coupling and attackability in software systems:: a case study on DOS","authors":"M. Y. Liu, I. Traoré","doi":"10.1145/1134744.1134756","DOIUrl":null,"url":null,"abstract":"Over the last decades, software quality attributes such as maintainability, reliability, and understandability have been widely studied. In contrast, less attention has been paid to the field of software security. Attackability is a concept proposed recently in the research literature t to measure the extent that a software system or service could be the target of successful attacks. Like most external attributes, attackability is to some extent disconnected from the internal of software products. To improve the quality of software products we need to be able to affect its internal features. So, for attackability measures to be useful for software products enhancement, we need to identify related internal software attributes. We study in this paper the empirical relationship between attackability as an external software quality attribute with coupling as an internal software attribute. Specifically, we use a case study based on denial of service (DOS) attacks conducted against a on line medical record keeping system. Through regression analysis, we establish that there is a strong correlation between attackability and coupling.","PeriodicalId":119000,"journal":{"name":"ACM Workshop on Programming Languages and Analysis for Security","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"29","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Workshop on Programming Languages and Analysis for Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1134744.1134756","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 29

Abstract

Over the last decades, software quality attributes such as maintainability, reliability, and understandability have been widely studied. In contrast, less attention has been paid to the field of software security. Attackability is a concept proposed recently in the research literature t to measure the extent that a software system or service could be the target of successful attacks. Like most external attributes, attackability is to some extent disconnected from the internal of software products. To improve the quality of software products we need to be able to affect its internal features. So, for attackability measures to be useful for software products enhancement, we need to identify related internal software attributes. We study in this paper the empirical relationship between attackability as an external software quality attribute with coupling as an internal software attribute. Specifically, we use a case study based on denial of service (DOS) attacks conducted against a on line medical record keeping system. Through regression analysis, we establish that there is a strong correlation between attackability and coupling.

查看原文本刊更多论文

软件系统中耦合与可攻击性的经验关系:以DOS为例

在过去的几十年里，诸如可维护性、可靠性和可理解性等软件质量属性得到了广泛的研究。相比之下，软件安全领域受到的关注较少。可攻击性是最近在研究文献中提出的一个概念，用于衡量软件系统或服务可能成为成功攻击目标的程度。像大多数外部属性一样，可攻击性在某种程度上与软件产品的内部是分离的。为了提高软件产品的质量，我们需要能够影响它的内部特性。因此，为了使可攻击性度量对软件产品增强有用，我们需要识别相关的内部软件属性。本文研究了可攻击性作为软件质量的外部属性与耦合性作为软件质量的内部属性之间的经验关系。具体来说，我们使用了一个基于拒绝服务(DOS)攻击的案例研究，该攻击针对在线医疗记录保存系统。通过回归分析，我们证明了可攻击性与耦合之间存在很强的相关性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Workshop on Programming Languages and Analysis for Security

自引率

0.00%

发文量