Where academic tradition
meets the exciting future

Measuring Software Security from the Design of Software

Marko Saarela, Shohreh Hosseinzadeh, Sami Hyrynsalmi, Ville Leppänen, Measuring Software Security from the Design of Software. In: Boris Rachev, Angel Smrikarov (Eds.), 18-th International Conference on Computer Systems and Technologies, CompSysTech'17, 179–186, ACM, 2017.

http://dx.doi.org/10.1145/3134302.3134334

Abstract:

With the increasing use of mobile phones in contemporary society, more and more networked computers are connected to each other. This has brought along security issues. To solve these issues, both research and development communities are trying to build more secure software. However, there is the question that how the secure software is defined and how the security could be measured. In this paper, we study this problem by studying what kinds of security measurement tools (i.e., metrics) are available, and what these tools and metrics reveal about the security of software. As the result of the study, we noticed that security verification activities fall into two main categories, evaluation and assurance. There exist 34 metrics for measuring the security, from which 29 are assurance metrics and 5 are evaluation metrics. Evaluating and studying these metrics, lead us to the conclusion that the general quality of the security metrics are not in a satisfying level that could be suitably used in daily engineering work flows. They have both theoretical and practical issues that require further research, and need to be improved.

BibTeX entry:

@INPROCEEDINGS{inpSaHoHyLe17a,
  title = {Measuring Software Security from the Design of Software},
  booktitle = {18-th International Conference on Computer Systems and Technologies},
  author = {Saarela, Marko and Hosseinzadeh, Shohreh and Hyrynsalmi, Sami and Leppänen, Ville},
  series = {CompSysTech'17},
  editor = {Rachev, Boris and Smrikarov, Angel},
  publisher = {ACM},
  pages = {179–186},
  year = {2017},
  keywords = {computer security, software security, software design, evaluation, assurance, measuring security, metrics},
}

Belongs to TUCS Research Unit(s): Software Development Laboratory (SwDev)

Publication Forum rating of this publication: level 1

Edit publication