衡量软件安全的安全需求

2011 IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS) Pub Date : 2011-09-01 DOI:10.1109/CIS.2011.6169137

Shareeful Islam, P. Falcarin

{"title":"衡量软件安全的安全需求","authors":"Shareeful Islam, P. Falcarin","doi":"10.1109/CIS.2011.6169137","DOIUrl":null,"url":null,"abstract":"For the last decade's software security has gained attention by industries, experts and all other communities. Secure software is about mitigating risks from assets to achieve business goals. Security is highly depending on the context where software is deployed. But measuring software security even within a specific context is still not mature. This is because properties and metrics for measuring security are not properly defined and methods are lacking to provide a complete picture for measuring software security. Here we identify security requirements through asset based risk management process to describe soft ware security goal. Then based on the Goal-Question-Metric approach the identified security requirements are evaluated for measuring software security.","PeriodicalId":286889,"journal":{"name":"2011 IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS)","volume":"73 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"22","resultStr":"{\"title\":\"Measuring security requirements for software security\",\"authors\":\"Shareeful Islam, P. Falcarin\",\"doi\":\"10.1109/CIS.2011.6169137\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"For the last decade's software security has gained attention by industries, experts and all other communities. Secure software is about mitigating risks from assets to achieve business goals. Security is highly depending on the context where software is deployed. But measuring software security even within a specific context is still not mature. This is because properties and metrics for measuring security are not properly defined and methods are lacking to provide a complete picture for measuring software security. Here we identify security requirements through asset based risk management process to describe soft ware security goal. Then based on the Goal-Question-Metric approach the identified security requirements are evaluated for measuring software security.\",\"PeriodicalId\":286889,\"journal\":{\"name\":\"2011 IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS)\",\"volume\":\"73 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"22\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CIS.2011.6169137\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CIS.2011.6169137","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 22

摘要

在过去的十年里，软件安全已经得到了行业、专家和所有其他社区的关注。安全软件是关于减轻资产风险以实现业务目标。安全性在很大程度上取决于软件部署的环境。但是，即使在特定的环境中衡量软件安全性仍然不成熟。这是因为用于度量安全性的属性和度量没有被正确地定义，并且缺乏方法来为度量软件安全性提供一个完整的画面。在这里，我们通过基于资产的风险管理过程来确定安全需求，以描述软件安全目标。然后基于目标-问题-度量方法对识别出的安全需求进行评估，以度量软件的安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Measuring security requirements for software security

For the last decade's software security has gained attention by industries, experts and all other communities. Secure software is about mitigating risks from assets to achieve business goals. Security is highly depending on the context where software is deployed. But measuring software security even within a specific context is still not mature. This is because properties and metrics for measuring security are not properly defined and methods are lacking to provide a complete picture for measuring software security. Here we identify security requirements through asset based risk management process to describe soft ware security goal. Then based on the Goal-Question-Metric approach the identified security requirements are evaluated for measuring software security.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS)

自引率

0.00%

发文量