Abstract
With the advent of new technologies, software has become relatively more interactive and has extended support for multiple users in a distributed as well as collaborative environment. Though the extensive use of software by the global players have surely improved productivity and efficiency, but at the same time has also provided ample opportunity for the attackers to exploit it. The software development team has been inspired by the idea of strengthening the software against such attacks. Many techniques are available for security implementation during its development and among them OO techniques like use case, misuse case, and abuse case due to their simplicity are mostly favored. Since security is a qualitative feature of software, and mechanism should be in place to provide its quantification so that it can be measured and controlled. This paper extends the previous work done by the researchers using misuse case modeling and integrates it with abuse case modeling and proposes iMACOQR (improvised Misuse and Abuse Case Oriented Quality Requirements) metrics framework. It was found that after applying the proposed iMACOQR metrics framework as per the recommended implementation mechanism, the security team of the software development process may eliminate vulnerability, induce proper mitigation mechanism, and specify improvised security requirements during requirements elicitation phase and thus more secure software could be built.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Wang, B., Zheng, Y., Lou, W., Hou, Y.T.: DDoS attack protection in the era of cloud computing and software-defined networking. Comput. Netw. 81, 308–319 (2015)
Zhang, D., Liu, D., Csallner, C., Kung, D., Lei, Y.: A distributed framework for demand-driven software vulnerability detection. J. Syst. Softw. 87, 60–73 (2014)
McMahon, J.: An analysis of the characteristics of cyber attacks. Discov. Invention Appl. (1) (2014)
Banerjee, C., Banerjee, A., Murarka, P.D.: Evaluating the relevance of prevailing software metrics to address issue of security implementation in SDLC. Int. J. Adv. Stud. Comput. Sci. Eng. 3(3), 18 (2014)
Banerjee, C., Pandey, S.K.: Software Security Rules, SDLC Perspective (2009). arXiv:0911.0494
McGraw, G.: Software Security: Building Security in (Vol. 1). Addison-Wesley Professional (2006)
Fenton, N., Bieman, J.: Software Metrics: A Rigorous and Practical Approach. CRC Press (2014)
Brotby, W.K., Hinson, G.: PRAGMATIC Security Metrics: Applying Metametrics to Information Security. CRC Press (2013)
Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., Sommerlad, P.: Security Patterns: Integrating Security and Systems Engineering. John Wiley & Sons (2013)
Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. 10(1), 34–44 (2005)
Kulak, D., Guiney, E.: Use Cases: Requirements in Context. Addison-Wesley (2012)
Wiegers, K., Beatty, J.: Software Requirements. Pearson Education (2013)
McDermott, J., Fox, C.: Using abuse case models for security requirements analysis. In: Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC’99), pp. 55–64. IEEE (1999)
Abdulrazeg, A., Norwawi, N.M., Basir, N.: Security metrics to improve misuse case model. In: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), pp. 94–99. IEEE (2012, June)
Okubo, T., Taguchi, K., Kaiya, H., Yoshioka, N.: Masg: advanced misuse case analysis model with assets and security goals. J. Inf. Process. 22(3), 536–546 (2014)
Banerjee, C., Banerjee, A., Murarka, P.D.: Measuring software security using MACOQR (misuse and abuse case oriented quality requirement) metrics: defensive perspective. Int. J. Comput. Appl. 93(18), 47–54 (2014)
Banerjee, C., Banerjee, A., Murarka, P.D.: Measuring software security using MACOQR (misuse and abuse case oriented quality requirement) metrics: attackers perspective. Int. J. Emerg. Trends Technol. Comput. Sci. 3(2), 245–250 (2014)
Banerjee, C., et al.: MCOQR (misuse case oriented quality requirements) metrics framework. In: Deepti (ed.) Problem solving and uncertainty modeling through optimization and soft computing applications. IGI Global Publishers (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer Science+Business Media Singapore
About this paper
Cite this paper
Banerjee, A., Banerjee, C., Pandey, S.K., Poonia, A.S. (2016). Development of iMACOQR Metrics Framework for Quantification of Software Security. In: Pant, M., Deep, K., Bansal, J., Nagar, A., Das, K. (eds) Proceedings of Fifth International Conference on Soft Computing for Problem Solving. Advances in Intelligent Systems and Computing, vol 437. Springer, Singapore. https://doi.org/10.1007/978-981-10-0451-3_63
Download citation
DOI: https://doi.org/10.1007/978-981-10-0451-3_63
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-0450-6
Online ISBN: 978-981-10-0451-3
eBook Packages: EngineeringEngineering (R0)