Sciweavers

ASWEC
2006
IEEE

Assessing Security Properties of Software Components: A Software Engineer's Perspective

14 years 6 months ago
Assessing Security Properties of Software Components: A Software Engineer's Perspective
The paper proposes an assessment scheme for the security properties of software components. The proposed scheme consists of three stages: (i) a system-specific security requirement specification of the enclosing application; (ii) a component-specific security rating; and (iii) an evaluation method for the scored security properties of the candidate component. The assessment scheme ultimately provides a numeric score indicating a relative strength of the security properties of the candidate component. The scheme is partially based on ISO/IEC 15408, the Common Criteria for Information Technology Security Evaluation (CC) and the Multi-Element Component Comparison and Analysis (MECCA) model. The scheme is flexible enough for software engineers to use in order to get a first-hand preliminary assessment of the security posture of candidate components.
Khaled M. Khan, Jun Han
Added 10 Jun 2010
Updated 10 Jun 2010
Type Conference
Year 2006
Where ASWEC
Authors Khaled M. Khan, Jun Han
Comments (0)