评估软件组件的安全属性:软件工程师的视角

Australian Software Engineering Conference (ASWEC'06) Pub Date : 2006-04-18 DOI:10.1109/ASWEC.2006.13

K. Khan, Jun Han

{"title":"评估软件组件的安全属性:软件工程师的视角","authors":"K. Khan, Jun Han","doi":"10.1109/ASWEC.2006.13","DOIUrl":null,"url":null,"abstract":"The paper proposes an assessment scheme for the security properties of software components. The proposed scheme consists of three stages: (i) a system-specific security requirement specification of the enclosing application; (ii) a component-specific security rating; and (iii) an evaluation method for the scored security properties of the candidate component. The assessment scheme ultimately provides a numeric score indicating a relative strength of the security properties of the candidate component. The scheme is partially based on ISO/IEC 15408, the Common Criteria for Information Technology Security Evaluation (CC) and the Multi-Element Component Comparison and Analysis (MECCA) model. The scheme is flexible enough for software engineers to use in order to get a first-hand preliminary assessment of the security posture of candidate components","PeriodicalId":285684,"journal":{"name":"Australian Software Engineering Conference (ASWEC'06)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-04-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"24","resultStr":"{\"title\":\"Assessing security properties of software components: a software engineer's perspective\",\"authors\":\"K. Khan, Jun Han\",\"doi\":\"10.1109/ASWEC.2006.13\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The paper proposes an assessment scheme for the security properties of software components. The proposed scheme consists of three stages: (i) a system-specific security requirement specification of the enclosing application; (ii) a component-specific security rating; and (iii) an evaluation method for the scored security properties of the candidate component. The assessment scheme ultimately provides a numeric score indicating a relative strength of the security properties of the candidate component. The scheme is partially based on ISO/IEC 15408, the Common Criteria for Information Technology Security Evaluation (CC) and the Multi-Element Component Comparison and Analysis (MECCA) model. The scheme is flexible enough for software engineers to use in order to get a first-hand preliminary assessment of the security posture of candidate components\",\"PeriodicalId\":285684,\"journal\":{\"name\":\"Australian Software Engineering Conference (ASWEC'06)\",\"volume\":\"67 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-04-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"24\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Australian Software Engineering Conference (ASWEC'06)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ASWEC.2006.13\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Australian Software Engineering Conference (ASWEC'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ASWEC.2006.13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 24

摘要

提出了一种软件组件安全特性的评估方案。建议的方案包括三个阶段:(i)为所附的应用程序制定系统特定的保安要求规格;(ii)特定组件的安全等级;以及(iii)对候选组件的评分安全属性的评估方法。评估方案最终提供一个数字分数，表明候选组件的安全属性的相对强度。该方案部分基于ISO/IEC 15408、信息技术安全评估通用标准(CC)和多元素组件比较与分析(MECCA)模型。该方案足够灵活，软件工程师可以使用它对候选组件的安全状态进行第一手的初步评估

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Assessing security properties of software components: a software engineer's perspective

The paper proposes an assessment scheme for the security properties of software components. The proposed scheme consists of three stages: (i) a system-specific security requirement specification of the enclosing application; (ii) a component-specific security rating; and (iii) an evaluation method for the scored security properties of the candidate component. The assessment scheme ultimately provides a numeric score indicating a relative strength of the security properties of the candidate component. The scheme is partially based on ISO/IEC 15408, the Common Criteria for Information Technology Security Evaluation (CC) and the Multi-Element Component Comparison and Analysis (MECCA) model. The scheme is flexible enough for software engineers to use in order to get a first-hand preliminary assessment of the security posture of candidate components

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Australian Software Engineering Conference (ASWEC'06)

自引率

0.00%

发文量

期刊最新文献

Compatibility test for coordination aspects of software components Factors affecting software testing time schedule A service-oriented architecture for software process technology Over-the-air deployment of applications in multi-platform environments Checking conformance between business processes and Web service contract in service oriented applications