Research Article

Measuring Software Security using MACOQR (Misuse and Abuse Case Oriented Quality Requirement) Metrics: Defensive Perspective

by C. Banerjee, Arpita Banerjee, P. D. Murarka
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 93 - Number 18
Year of Publication: 2014
Authors: C. Banerjee, Arpita Banerjee, P. D. Murarka
DOI: 10.5120/16439-6213

C. Banerjee, Arpita Banerjee, P. D. Murarka. Measuring Software Security using MACOQR (Misuse and Abuse Case Oriented Quality Requirement) Metrics: Defensive Perspective. International Journal of Computer Applications. 93, 18 (May 2014), 47-54. DOI=10.5120/16439-6213

@article{ 10.5120/16439-6213,
author = { C. Banerjee and Arpita Banerjee and P. D. Murarka },
title = { Measuring Software Security using MACOQR (Misuse and Abuse Case Oriented Quality Requirement) Metrics: Defensive Perspective },
journal = { International Journal of Computer Applications },
issue_date = { May 2014 },
volume = { 93 },
number = { 18 },
month = { May },
year = { 2014 },
issn = { 0975-8887 },
pages = { 47-54 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume93/number18/16439-6213/ },
doi = { 10.5120/16439-6213 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:16:07.014209+05:30
%A C. Banerjee
%A Arpita Banerjee
%A P. D. Murarka
%T Measuring Software Security using MACOQR (Misuse and Abuse Case Oriented Quality Requirement) Metrics: Defensive Perspective
%J International Journal of Computer Applications
%@ 0975-8887
%V 93
%N 18
%P 47-54
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

In the present age, software is exploited, and an understanding of the resulting increase in risk exposure is rarely developed. Security should be incorporated right from the requirements phase so that it is built in and properly incorporated into the software under development. Establishing whether or not a process is improving seems impossible without obtaining measurements. Security requirements can be defined and developed using a number of techniques, such as fault tree analysis, failure mode and effect analysis, threat modeling, misuse/abuse cases, and attack trees. The requirements obtained are qualitative, so they need to be converted into quantitative measures using some metrics. Security metrics are defined as quantifiable measures that show how much security a product or process possesses; they are normally built from low-level physical measures, and at a high level they can be considered quantifiable measurements of some aspect of the system. Certain object-oriented modeling techniques, such as misuse cases, use cases and abuse cases, are very helpful in incorporating security requirements in the early stages of software development, i.e., the requirements phase. In this paper, MACOQR metrics from a defensive perspective are proposed, whose aim is to measure the predicted and observed ratio of flaw and flawlessness in the modeling of misuse cases during the requirements engineering phase. The measures and ratios obtained may help the requirements engineering team plan the elimination of misuse case modeling defects during the requirements engineering phase.

Index Terms

Computer Science
Information Sciences

Keywords

Software Security, Security Requirements, Requirements Engineering, Security Metrics, Software Metrics, Software Security Metrics.