A Framework for Vulnerability Minimization - IEEE Xplore

International Conference on Computer & Communication Technology (ICCCT)-2011

A Framework for Vulnerability Minimization - Object Oriented Design Perspective

A. Agrawal
Department of Information Technology, Babasaheb Bhimrao Ambedkar University, Lucknow, India [email protected]

R.A. Khan
Department of Information Technology, Babasaheb Bhimrao Ambedkar University, Lucknow, India [email protected]

Abstract—The research on software security is still in its infancy. Moreover, the design phase of software development is much ignored. Though enough research has been done on improving object oriented design quality, the improvement of object oriented design security has received little attention. The unavailability of any existing framework for minimization of object oriented design vulnerability has made the task complicated and haphazard. The research proposes a metric based framework for minimization of object oriented design vulnerability. The framework minimizes vulnerability by restricting the flow of vulnerable information.

Keywords-object oriented design, vulnerability minimization, vulnerability propagation and security, security vulnerabilities, design phase

I. INTRODUCTION

The design phase of software development prepares the skeleton of the software. Detection and correction of vulnerabilities in the design phase of the development life cycle are important, as making changes in this phase is much easier than making them at the end [1]. Plenty of tools and approaches are available to detect and remove implementation time vulnerabilities: ITS4 [2], FLF Finder [3], MOPS [4] and Penetration Testing [5], to name a few. But approaches for detection and removal of vulnerabilities at design level [1], [6] are very few. Undoubtedly, vulnerability detection and correction processes in the design phase are still almost manual, which consumes more time, resources and effort [7]. Even tools to detect and remove design level vulnerabilities do not exist [8]. This leads to the necessity of developing an approach for minimizing vulnerabilities at design level.

Object oriented design is a design strategy where system designers think in terms of ‘things’ instead of operations or functions. It is concerned with developing an object oriented model of a software system to implement the identified requirements [13]. An object oriented design (OOD) is centered on key entities such as objects, attributes, methods and classes. An object is a concept, abstraction or thing with identity that has meaning for an application [14]. An attribute is a property of an object. A class describes a group of objects with the same properties (attributes), behavior (operations), kind of relationships and semantics. An operation is a function or procedure that may be applied to or by objects in a class. All objects in a class share the same operations. A method is an implementation of an operation for a class.

Software security metrics are measurements to assess security related imperfections introduced during software development [9]. Most security measurements quantify security either at system level [10], [11] or at code level [9]. This, however, makes it very difficult and costly to identify and resolve vulnerabilities caused by software design errors. Also, various studies on object oriented software quality have developed metrics focusing on its different attributes such as understandability and reusability [12]. Despite the fact that security is a very important attribute of quality, quantification of security for object oriented design has been given little attention. So, there is an urgent need to quantify design level vulnerabilities, both to help minimize vulnerabilities of an object oriented design and to compare the security of various alternative designs so that a more secure design can be chosen.

The rest of the paper is organized as follows: the next section presents a brief review of software security. On the basis of this review, the need for developing a vulnerability minimization framework is identified in section 3. Section 4 relates software security and vulnerability propagation. Section 5 presents the premises of the proposed framework. Section 6 proposes the vulnerability minimization framework. Section 7 presents the significance of the proposed framework. Section 8 discusses limitations and future work, and the paper concludes at section 7.

978-1-4577-1386-6/11/$26.00 ©2011 IEEE

II. SECURITY RESEARCH AT A GLANCE

Research on software security quantification, and hence vulnerability minimization, has been carried on for years. F. Copigneaux et al (1988) introduced a systematic approach for security evaluation of non functional attributes of software. The approach is based on McCall’s factor, criteria and metric approach [15]. J. Alves-Foss et al (1995) developed a method called the System Vulnerability Index (SVI). The SVI is a mechanism that can help assess the susceptibility of a computer system to common attacks. It helps system administrators to assess the starting point for security policy [16]. C. Wang et al (1997) presented a framework for security measurement. Of course, it is not a universal measure, but it provides a systematic way of assessing the security strength of a system [17]. A cost-benefit approach called SAEM, developed by S.A. Butler (2002), assesses multi attribute risk. On the basis of that risk, prioritization is performed [18]. J. Bansiya et al (2003) presented a hierarchical model for assessment of object oriented design quality. As security is an attribute of quality, the research provides a seedbed for assessment of security [12]. D. P. Gilliam et al (2003) developed a Software Security Assessment Instrument (SSAI) which includes a software security checklist to be integrated with the software development life cycle to produce secure software [19]. S. T. Halkidis et al (2004) qualitatively evaluated known security patterns based on how well they follow identified security guidelines and protect the system from threats [20]. J. Hallberg et al (2005) developed a framework for system security assessment. They claimed that the framework was able to categorize existing security assessment methods. To support their claim, they proposed the CAESAR method to calculate overall system security values [21]. O. H. Alhazmi et al (2005) introduced a metric called vulnerability density. It is a relative metric, defined as the number of vulnerabilities per unit size of code. It is used to distinguish which version of a given software is more vulnerable [10]. Microsoft introduced the threat modeling process (2005) to analyze the product’s environment and to defend against potential attacks [1]. A relative metric called the attack surface metric [22] was given by P. Manadhata et al (2005). The metric measures how likely the system is to be successfully attacked. R. Scandariato et al (2006) presented a set of security design principles to be applied at an early stage of the software development life cycle and suggested metrics for the security principles [23]. Y. Chen et al (2007) presented a quantitative threat modeling method. The method is based on Attack Path Analysis (T-MAP) [24]. D. Byres et al (2007) proposed a security process to be applied at each phase of the software development life cycle to produce secure software [25]. I. Chowdhury (2008) proposed a number of code level security metrics to measure the level of security of a code segment [9]. M. U. A. Khan et al (2008) proposed a security quantification methodology to evaluate the security state of a particular SDLC artifact [26]. P. H. Meland et al (2009) presented the SODA model, which is a collection of practical techniques and tools to be applied in the design phase for secure software development [27]. B. D. Romero M. et al (2009) investigated common security vulnerabilities and their mitigation strategies for building secure software [28]. J. A. Wang et al (2010) presented an ontology for vulnerability management. The attack patterns were ranked based on the vulnerability information present in the ontology [29]. A. Alkussayer et al (2010) developed a framework to assess software architecture to determine how well it can satisfy the intended security requirements [30]. T. Zimmermann et al (2010) presented an empirical study on Windows Vista to predict its vulnerabilities [31]. B. Alshammari et al (2010) defined a number of information security metrics derivable from a program’s design artifacts. The metrics allow designers to discover and fix security vulnerabilities at an early stage and help compare the vulnerability of various alternative designs [32], [33].

III. NEED OF VULNERABILITY MINIMIZATION FRAMEWORK FOR OBJECT ORIENTED DESIGN

To end up with a secured product, one must focus on the design of software at the time of its development. When it comes to enhancing security or minimizing vulnerability of an object oriented design, an obvious way is to concentrate on object oriented design constructs such as inheritance, coupling, encapsulation and cohesion. There is a possibility that a proper blend of object oriented design constructs may minimize vulnerability of the design of object oriented software [32], [33]. Similar efforts have already been made to enhance the quality of design of object oriented software [12], [34]. Various factors of quality such as complexity, reliability and reusability are estimated and optimized using the object oriented design constructs. Though security is a factor of quality [35], it has not received similar attention [32], [33]. This is because security means different things to different people and organizations [36]. It is largely affected by context, environment and abstraction. It is also multidimensional, emergent and irreducible [36].

An exhaustive literature survey finds no standard metric based framework by which the vulnerability of an object oriented design can be minimized during the design phase itself. To cater to this need, the research proposes a metric based framework for minimization of object oriented design vulnerability. The proposed research is based on addressing a set of identified security design principles which are of interest irrespective of any context or environment. The security design principles are addressed using identified object oriented design constructs in order to avoid object oriented design vulnerability. Any information is vulnerable if it requires special attention in respect of security. The key idea is to restrict the flow of vulnerable information; the flow of vulnerable information is termed ‘Vulnerability Propagation’.

IV. VULNERABILITY PROPAGATION AND SECURITY

Anything which is susceptible to attack is termed vulnerable. In this sense, all the confidential information, assets and the variables in the software which provide entry to confidential information, deal with assets or process confidential information are vulnerable [22]. Various attempts have already been made, including encryption and passwords, for security of these vulnerabilities. But design defects have made it difficult to develop secure software. As stated by E. Orlandi, security is a function of vulnerability [35], i.e.

$$\text{security} = f(\text{vulnerability}) \tag{1}$$

As the vulnerabilities in the software increase, security decreases [22]; hence security is inversely proportional to vulnerabilities, i.e.

$$\text{security} \propto \frac{1}{\text{vulnerability}} \tag{2}$$

Increasing availability of anything vulnerable (vulnerability propagation) would increase its vulnerability [37], and increased vulnerability tends to reduce security. Hence, security is a function of vulnerability propagation, i.e.

$$\text{vulnerability} \propto \text{vulnerability propagation} \tag{3}$$

Hence from (2) and (3),

$$\text{security} \propto \frac{1}{\text{vulnerability propagation}} \tag{4}$$

Equations (3) and (4) reflect that, in order to minimize vulnerability or enhance security, propagation of vulnerabilities must be minimized.

V. PREMISES

A framework is a hypothetical description of a complex process. It provides a factual base for future research. The framework for minimization of object oriented design vulnerability has the following assumptions:

• The framework minimizes the vulnerability by minimizing the flow of vulnerable information (vulnerability propagation).
• The list of security design principles is not final. One can choose a subset of the given list, or one can also add more security design principles.
• Intuitively, if an object oriented design construct naturally follows the security design principles it will restrict propagation of vulnerabilities, and if it does not, then it propagates vulnerability.

In order to be useful, the framework restricts the flow of vulnerable information. It measures the flow of vulnerable information and then provides guidelines for restricting the flow of vulnerable information throughout the object oriented design.

VI. THE FRAMEWORK

The proposed framework for object-oriented design vulnerability minimization comprises four phases (as shown in figure-1). In the first phase, i.e. the identification phase, the relevant security design principles, relevant object-oriented design constructs and vulnerable attributes are identified. In the next phase, i.e. the verification phase, for each identified object-oriented design construct, it is verified whether the construct adheres to the identified security design principles in order to minimize vulnerability propagation. In the measurement phase, metrics are developed for the construct to measure vulnerability propagation or vulnerability confinement through that construct. Algorithms to compute each metric are devised. The fourth phase involves analyzing the metrics and, on the basis of the analysis, guidelines for minimizing object oriented design vulnerability are developed. Finally, on the basis of review, the whole approach is revised.

[Figure 1. Vulnerability Minimization Framework. Phases shown: Identification Phase (identify security design principles; identify OO design constructs; identify OO design vulnerability); Verification Phase (checking for bonding of object oriented design properties with security design principles); Measurement Phase (define vulnerability metrics; development of algorithms for computation of metric); Minimization Phase (analysis of vulnerability metric; generate guidelines for vulnerability minimization); Revision & Review.]

A. Identification Phase

The goal of the vulnerability minimization framework is to minimize vulnerability of an object-oriented design by minimizing vulnerability propagation throughout the design. For the purpose, the identification phase involves the following activities:

1) Identification of object oriented design vulnerability

When one talks about quantification or minimization of vulnerabilities, the first step must be to identify vulnerabilities. A design having minimum design flaws will lay the foundation for more secure software. In object-oriented design, attributes store information related to an object. The information stored in these attributes is processed by the methods, and objects of other classes access this information through these methods. Hence, methods are the vehicle of information exchange among objects of various classes. From a security perspective, information stored in the attributes of a class may be categorized as general and sensitive. General information is information whose exposure does not pose any harm to the owner of the information. Hence, it does not require any security. On the other hand, the disclosure of the latter category of information may pose danger for the individual or organization. Hence, it is considered to be vulnerable to attacks and requires extra measures for security. On the basis of the above discussion, attributes processing the security related information may be termed vulnerable attributes and the methods interacting with these attributes may be termed vulnerable methods.

2) Identification of security design principles

Security design principles are specific guidelines and practices. These are the proven rules to improve the security strength of an application [27]. The goal of these principles is to identify and spotlight the most important objectives one should keep in mind when designing and developing secure software [38]. There are various security design principles identified and discussed by various researchers. These include:

• Assess your threats [39].
• Secure the weakest link [39], [38].
• Make components with differing privileges [39].
• Validate all data from lower privileged sources [39].
• Use several layers of defense [38], [39].
• Reduce the attack surface [39], [33], [40].
• Follow the principle of least privilege [38], [78], [39].
• Stay secure even if there is failure [38], [39].
• Store the secrets very carefully [39].
• Compartmentalize [38].
• Keep it simple [38].
• Don’t depend upon attacker’s ignorance [39].
• Separate code and data [39].
• Don’t reveal more than necessary [39].
• Be reluctant to trust [38].

These are the most common security design principles. Some of these are applicable to the design phase and some of them are meant for the coding phase or for both [33], [39]. J. Viega et al claim that one can avoid 90 percent of the security problems by addressing almost ten security design principles [38]. There is research addressing either one [22] or two [33] security design principles for minimizing vulnerability quantitatively. To minimize vulnerability at the design phase, one must identify and follow a subset of abovementioned security design principles.

3) Identification of object oriented design constructs

Object oriented design facilitates reusability, flexibility, abstraction etc. Object oriented design constructs play an important role in providing various ‘ities’ in the software such as maintainability, understandability, flexibility etc. The various object oriented design constructs include:

• Inheritance
• Coupling
• Cohesion
• Encapsulation

For implementing the framework, one must identify the relevant object oriented design constructs to address the identified security design principles and hence vulnerability propagation minimization.

B. Verification Phase

The verification phase involves checking each identified object-oriented design construct for its adherence to the identified security design principles. The proposed framework minimizes vulnerability propagation by concentrating on object oriented design constructs, examining which construct among all supports vulnerability propagation and which confines it. The examination is done on the basis of whether it follows all, some or none of the security design principles. On the basis of these three possibilities, three cases arise (as shown in table-1):

Case 1: It follows all of the security design principles. If the object oriented design construct in question follows all of the security design principles, it will not propagate vulnerabilities at all. Hence, its use must be maximized.

Case 2: It follows none of the security design principles. If the object oriented design construct in question follows none of the security design principles, it will propagate vulnerability. Hence, its use must be minimized.

Case 3: It follows some of the security design principles. If the object oriented design construct in question follows some of the security design principles, it should be used in moderation.

The goal is to analyze whether the construct will propagate the vulnerability or confine the vulnerability propagation. According to the result of this phase, the decision is taken whether the construct is maximized or minimized. On the basis of the decision, metrics are developed for the constructs in the measurement phase.

TABLE I. OBJECT ORIENTED DESIGN CONSTRUCTS AND VULNERABILITY PROPAGATION

| OOD construct follows identified security design principles → | all | none | some |
|---|---|---|---|
| Nature of the design construct → | Confines vulnerability | Propagates vulnerability | Propagates vulnerability |
| Action to be taken → | maximize | minimize | minimize |

C. Measurement Phase

Measurement is essential to information security because one cannot judge the success of a security policy, mechanism or implementation without measurement [41]. Unless vulnerabilities can be measured, they cannot be minimized [41]. The measurement phase comprises two activities:

1) Defining vulnerability metrics

Metrics are effective tools to measure the security strength of the software [64]. The object oriented design vulnerability metrics, developed by following the framework, will measure vulnerability propagation or confinement due to identified object oriented constructs.

2) Algorithm development

Algorithms will be developed for the computation of each vulnerability metric defined in the above step. Development of algorithms will provide an easy way to collect the metrics. The outputs of the algorithms will be the metric values as well as some data structures which may be used to analyze the metrics and help to provide guidelines for vulnerability minimization.
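An added example (not from the paper) of the identification and measurement steps described above: it marks sensitive attributes, derives the vulnerable methods that interact with them, and traces how inheritance and coupling carry those methods to other classes. The class model, the propagation rules and the ratio are assumptions made for illustration; they are not the authors' metrics.

```python
"""Added illustration of the identification and measurement phases.

The class model, the propagation rules and the ratio below are assumptions
made for this example; they are not the metrics of the paper's references.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Method:
    name: str
    uses: frozenset = frozenset()    # attributes of the owning class it touches
    calls: frozenset = frozenset()   # (class, method) pairs it invokes
    private: bool = False            # private methods are not inherited


@dataclass
class DesignClass:
    name: str
    attributes: dict                 # attribute name -> True if sensitive
    methods: list
    parent: Optional[str] = None


def ancestors(design, cls):
    """Yield the ancestors of cls, nearest first; stop if the model has a cycle."""
    seen, cur = {cls}, design[cls].parent
    while cur is not None and cur not in seen:
        seen.add(cur)
        yield cur
        cur = design[cur].parent


def vulnerable_attributes(design):
    """Attributes that store sensitive (not general) information."""
    return {(c.name, a) for c in design.values()
            for a, sensitive in c.attributes.items() if sensitive}


def vulnerable_methods(design):
    """Methods that interact with a vulnerable attribute of their own class."""
    vattrs = vulnerable_attributes(design)
    return {(c.name, m.name) for c in design.values() for m in c.methods
            if any((c.name, a) in vattrs for a in m.uses)}


def resolve(design, cls, method):
    """Return the class that actually defines `method` when called on `cls`."""
    for owner in (cls, *ancestors(design, cls)):
        if any(m.name == method for m in design[owner].methods):
            return owner
    return None


def propagation(design):
    """Map each class to the vulnerable methods it reaches and by which construct."""
    private = {(c.name, m.name) for c in design.values()
               for m in c.methods if m.private}
    # Only non-private vulnerable methods can be inherited or called from outside.
    exposed = vulnerable_methods(design) - private
    reach = {}
    for c in design.values():
        # Inheritance: a subclass receives every exposed method of its ancestors.
        for anc in ancestors(design, c.name):
            for owner, m in exposed:
                if owner == anc:
                    reach.setdefault(c.name, set()).add(("inheritance", owner, m))
        # Coupling: a call into an exposed method defined in another class.
        for m in c.methods:
            for target_cls, target in m.calls:
                owner = resolve(design, target_cls, target)
                if owner not in (None, c.name) and (owner, target) in exposed:
                    reach.setdefault(c.name, set()).add(("coupling", owner, target))
    return reach


def propagation_ratio(design):
    """Share of classes that vulnerable information reaches (illustrative only)."""
    return len(propagation(design)) / len(design)


# Constructed design model, not taken from the paper.
DESIGN = {c.name: c for c in [
    DesignClass("Account", {"pin": True, "balance": True, "branch": False}, [
        Method("verify_pin", uses=frozenset({"pin"})),
        Method("get_balance", uses=frozenset({"balance"})),
        Method("get_branch", uses=frozenset({"branch"})),
        Method("_audit", uses=frozenset({"pin"}), private=True),
    ]),
    DesignClass("SavingsAccount", {"rate": False},
                [Method("add_interest", uses=frozenset({"rate"}))], parent="Account"),
    DesignClass("Statement", {"layout": False}, [
        Method("render", calls=frozenset({("SavingsAccount", "get_balance")})),
    ]),
    DesignClass("BranchInfo", {"address": False}, [
        Method("describe", calls=frozenset({("Account", "get_branch")})),
    ]),
]}

if __name__ == "__main__":
    for cls, paths in sorted(propagation(DESIGN).items()):
        print(cls, sorted(paths))
    print("propagation ratio:", propagation_ratio(DESIGN))
```

In the constructed model, making `get_balance` private or removing the `Statement` call to it lowers the ratio, which is the kind of design adjustment the minimization phase is meant to guide.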

D. Minimization Phase

The measurement phase answers ‘is there any vulnerability in the object oriented design?’ and also assesses ‘how vulnerable is the object oriented design?’ The vulnerability minimization phase answers ‘what precautionary measures should be taken in order to minimize the vulnerability?’ For this, the minimization phase comprises the following two activities:

1) Analysis and interpretation of the vulnerability metrics

Analysis is important for pinpointing the problem and moving towards the solution. The analysis of the vulnerability metrics will provide insight about the metrics. The results of the analysis of the vulnerability metrics are used to produce the guidelines for minimization of object oriented design vulnerabilities.

2) Developing the guidelines

Security guidelines are precautionary instructions to follow for minimization of vulnerabilities in the design of object oriented software. The guidelines will help to adjust metric values by adjusting the object oriented design constructs to improve the security level of the software design.

VII. SIGNIFICANCE OF THE PROPOSED FRAMEWORK

Accurate measurement of vulnerabilities in software at the design phase remains a difficult problem because there is reportedly no good understanding of the nature of the software. There is no clear definition of ‘what aspects are related to software security’. Finding a suitable way to measure and minimize software vulnerabilities and most of the aspects related to them is very difficult. Hence, a study on object oriented software design vulnerability measurement and minimization becomes important for software industry developers and users. Such a study as a whole, with its direct contributions to the field of knowledge, may prove to be significant directly or indirectly in terms of the following:

• It may help to discover and minimize the underlying vulnerabilities in the software design at an early stage of the software development life cycle, leading to a secured end product.
• It may help to determine the effect of object technology on the minimization of vulnerabilities.
• It may assist in developing alternative designs of object oriented software under development.
• It may also assist in choosing the more secure design of object oriented software among its different alternative designs.

Furthermore, it is observed that the contributions from this proposed study may prove to be specifically significant in the following manner:

• The proposed framework may encourage and enable developers to come out with good vulnerability models with better acceptability.
• The proposed metric based framework may form the basis for the development of new, modified or refined approaches.
• The proposed framework may find a place among the measurement tools for security rating of object oriented software and hence the development of threshold metric values for qualitative interpretation.
• The proposed approach may be used to set the security benchmark value for any organization.

VIII. LIMITATIONS AND FUTURE WORK

Undoubtedly, the proposed framework has limitations. The applicability of the framework to only object oriented design limits its usage. Validation of the framework is in process. However, the proposed metric based vulnerability minimization framework for object oriented design will provide the foundation for further research on vulnerability minimization. Various metrics have also been developed for the design constructs inheritance [42], [43], [45] and coupling [44] by following the proposed framework. The metrics have been revised too [42], [45] and have been implemented using case studies [46], [44]. As future work, we are planning to validate the metrics already developed and hence the framework.

IX. CONCLUSION

The design phase is the most important one for concentrating on security vulnerabilities in the software. On the other hand, security concerns ignored in this phase cost much in terms of rework and cost in the subsequent phases. The literature shows that vulnerability estimation, and hence minimization, is almost missing. There is a gap between security concerns and object oriented design constructs. Bridging the gap, the research proposes the framework for vulnerability minimization of object oriented design. The framework provides prescriptive guidelines for developing metric based vulnerability minimization approaches.

REFERENCES

[1] P. Torr, “Demystifying the threat-modeling process,” IEEE Security & Privacy, vol. 3, Sep-Oct 2005, pp. 66-70, doi: 10.1109/MSP.2005.119.
[2] J. Viega, J. T. Bloch, T. Kohno, and G. McGraw, “ITS4: A static vulnerability scanner for C and C++ code,” Proc. IEEE Conf. Computer Security Applications (ACSAC’00), IEEE Press, 11-15 Dec 2000, pp. 257-267, doi: 10.1109/ACSAC.2000.898880.
[3] D. DaCosta, C. Dahn, S. Mancoridis, and V. Prevelakis, “Characterizing the ‘security vulnerability likelihood’ of software functions,” Proc. IEEE Conf. Software Maintenance (ICSM’03), IEEE Press, 22-26 Sep. 2003, pp. 266-274, doi: ieeecomputersociety.org/10.1109/ICSM.2003.1235429.
[4] H. Chen and D. Wagner, “MOPS: An infrastructure for examining security properties of software,” Proc. ACM Conf. Computer and Communications Security (CCS’02), ACM Press, 18-22 Nov 2002, pp. 235-236, doi: acm.org/10.1145/586110.586142.
[5] M. Bishop, “About penetration testing,” IEEE Security & Privacy, vol. 5, Nov-Dec 2007, pp. 84-87, doi: 10.1109/MSP.2007.159.
[6] M. A. Hadavi, H. M. Sangehi, V. S. Hamishagi, H. Shirazi, “Software security: A vulnerability – activity revisit,” Proc. IEEE Conf. Availability, Reliability and Security (ARES’08), IEEE Press, 4-7 Mar 2008, pp. 866-872, doi: 10.1109/ARES.2008.200.
[7] N. Moha, “Detection and correction of design defects in object oriented architectures,” Proc. Workshop Object Oriented Reengineering (WOOR’03), 21 July 2003, pp. 949-950, doi: http://www.etud.iro.umontreal.ca/~mohanaou/paper/ECOOP06/Moha06-DS_ECOOP.pdf
[8] G. McGraw, “From the ground up: The DIMACS software security workshop,” IEEE Security & Privacy, vol. 1, Mar-Apr 2003, pp. 59-66, doi: 10.1109/MSECP.2003.1193213.
[9] I. Chowdhury, B. Chan and M. Zulkernine, “Security Metrics for Source Code Structures,” Proc. Fourth International Workshop on Software Engineering for Secure Systems (SESS’08), ACM Press, May 2008, pp. 57-64, doi: http://dx.doi.org/10.1145/1370905.1370913.
[10] O. A. Alhazmi, Y. K. Malaiya and I. Ray, “Security vulnerabilities in software systems: A quantitative perspective,” Data and Applications Security 2005, LNCS 3654, pp. 281-294, doi: 10.1007/11535706.
[11] A. Ozment, “Improving Vulnerability Discovery Models: Problems with Definitions and Assumptions,” Proc. 2007 ACM Workshop on Quality of Protection (QoP’07), ACM Press, 2007, pp. 6-11, doi: 10.1145/1314257.1314261.


[12] J. Bansiya and G.C. Davis, “A Hierarchical Model for Object-Oriented Design Quality Assessment,” IEEE Trans. on Software Engineering, vol. 28, pp. 4-17, Jan 2002.
[13] I. Sommerville, Object-Oriented Design, 6th Edition, Addison-Wesley, 2000.
[14] J. Rumbaugh, Object-Oriented Modeling and Design, 3rd Edition, Prentice Hall, 1991.
[15] F. Copigneaux and S. Martin, “Software Security Evaluation Based On A Top Down McCall-Like Approach,” Proc. Fourth Aerospace Computer Security Applications Conference, IEEE Press, 1988, pp. 414-418, doi: 10.1109/ACSAC.1988.113352.
[16] J. Alves-Foss and S. Barbosa, “Assessing Computer Security Vulnerability,” ACM SIGOPS Operating Systems Review, vol. 29, pp. 3-13, Jul 1995.
[17] C. Wang and W.A. Wulf, “A Framework for Security Measurement,” Proc. National Information System Security Conference (NISSC’97), 1997, pp. 522-533.
[18] S. A. Butler, “Security Attribute Evaluation Method: A Cost-Benefit Approach,” Proc. International Conference on Software Engineering (ICSE 2002), ACM Press, 2002, pp. 232-240, doi: acm.org/10.1145/581339.581370.
[19] D. P. Gilliam, T. L. Wolfe, J.S. Sherif and M. Bishop, “Software Security Checklist for the Software Life Cycle,” Proc. Twelfth IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETIC’03), IEEE Press, June 2003, pp. 243-248, doi: org/10.1109/ENABL.2003.1231415.
[20] S. T. Halkidis, A. Chatzigeorgiou and G. Stephanides, “A Qualitative Evaluation of Security Patterns,” Proc. ICICS 2004, LNCS 3269, Springer-Verlag, 2004, pp. 132-144.
[21] J. Hallberg, A. Hunstad and M. Peterson, “A Framework for System Security Assessment,” Proc. 6th Annual IEEE System, Man and Cybernetics (SMC) Information Assurance Workshop, IEEE Press, 2005, pp. 224-231, doi: 10.1109/IAW.2005.1495956.
[22] P. Manadhata and J. M. Wing, “An attack surface metric,” CMU-CS-05-155, July 2005. Available at: http://www.cs.cmu.edu/%7Ewing/publications/CMU-CS-05-155.pdf.
[23] R. Scandariato, B. D. Win, and W. Joosen, “Towards a measuring framework for security properties of software,” Proc. ACM Workshop (QoP’06), ACM Press, Oct 2006, pp. 27-30, doi: acm.org/10.1145/1179494.1179500.
[24] Y. Chen, B. Boehm and L. Sheppard, “Value Driven Security Threat Modeling Based on Attack Path Analysis,” Proc. 40th Annual Hawaii International Conference on System Sciences (HICSS’07), IEEE Press, 3-6 Jan 2007, pp. 280a, doi: ieeecomputersociety.org/10.1109/HICSS.2007.601.
[25] D. Byres and N. Shahmehri, “Design of a process for software security,” Proc. Second International Conference on Availability, Reliability and Security (ARES’07), IEEE Press, 10-13 Apr 2007, pp. 301-309, doi: ieeecomputersociety.org/10.1109/ARES.2007.67.
[26] M.U.A. Khan and M. Zulkernine, “Quantifying Security in Secure Software Development Phases,” Proc. Annual IEEE International Computer Software and Application Conference (COMPSAC’08), IEEE Press, 2008, pp. 955-960, doi: 10.1109/COMPSAC.2008.173.
[27] P. H. Meland and J. Jensen, “Secure Software Design in Practice,” Proceeding of the Third International Conference on Availability, Reliability and Security (ARES’09), IEEE Press, 4-7 March 2008, pp. 1164-1171, doi: 10.1109/ARES.2008.48.
[28] B. D. R. Marino and H. M. Haddad, “Security Vulnerabilities and Mitigation Strategies for Application Development,” Proc. IEEE Conf. on Information Technology: New Generations (ITNG’09), IEEE Press, 2009, pp. 235-240, doi: org/10.1109/ITNG.2009.151.
[29] J. A. Wang, H. Wang, M. Guo, L. Zhou, and J. Camargo, “Ranking Attacks Based on Vulnerability Analysis,” Proc. 43rd Hawaii International Conference on System Sciences (HICSS’10), IEEE Press, 5-8 Jan 2010, pp. 1-10, doi: ieeecomputersociety.org/10.1109/HICSS.2010.313.
[30] A. Alkussayer and W.H. Allen, “A Scenario-Based Framework for the Security Evaluation of Software Architecture,” Proc. International Conf. Computer Science and Information Technology (ICCSIT’10), IEEE Press, 9-11 Jul 2010, pp. 687-695, doi: org/10.1109/ICCSIT.2010.5564015.
[31] T. Zimmermann, N. Nagappan and L. Williams, “Searching for a Needle in a Haystack: Predicting Security Vulnerabilities for Windows Vista,” Proc. 3rd International Conf. on Software Testing, Verification and Validation (ICST’10), IEEE Press, 6-10 Apr 2010, pp. 421-428, doi: 10.1109/ICST.2010.32.
[32] B. Alshammari, C. Fidge and D. Corney, “Security Metrics for Object-Oriented Design,” Proc. 21st Australian Software Engineering Conference, IEEE Press, 6-9 Apr 2010, pp. 55-64, doi: ieeecomputersociety.org/10.1109/ASWEC.2010.34.
[33] B. Alshammari, C. Fidge and D. Corney, “Security Metrics for Object-Oriented Class Design,” Proc. 9th International Conf. on Quality Software, IEEE Press, 24-25 Aug 2009, pp. 11-20, doi: ieeecomputersociety.org/10.1109/QSIC.2009.11.
[34] L. C. Briand, J. W. Daly, J. K. Wust, “A Unified Framework for Coupling Measurement in Object Oriented Systems,” IEEE Trans. on Software Eng, vol. 25, pp. 91-121, Jan/Feb 1999.
[35] E. Orlandi, “Computer Security: A Consequence of Information Technology Quality,” Proc. International Carnahan Conf. on Security Technology, Crime Countermeasures, IEEE Press, 10-12 Oct 1990, pp. 109-112, doi: org/10.1109/CCST.1990.111394.
[36] S. L. Pfleeger and R.K. Cunningham, “Why Measuring Security is Hard,” IEEE Security and Privacy, IEEE, Jul-Aug 2010, pp. 46-54, doi: org/10.1109/MSP.2010.60.
[37] P. Kaomea, “Beyond security: A Data Quality Perspective on Defensive Information Warfare,” Proc. International Conf. on Information Quality (IQ’96), Sponsored by UC Berkeley CITM, 1996, pp. 172-185.
[38] J. Viega and G.
McGraw, Building Secure Software: How to Avoid Security Problems The Right Way, Addison-Wesley, 2005. H. Peine, “Rules of Thumb for Secure Software Engineering,” Proc. 27th International Conf. on Software Engineering(ICSE’05), ACM Press, 2005, pp. 702-703, doi: org/10.1145/1062455.1062626. M. Y. Liu and I. Traore, “Empirical Relation between Coupling and Attackability in Software Systems: A Case Study on DOS,” Proc. 2006 Workshop on Programming Languages and Analysis for Security (PLAS’06), ACM Press, 2006, pp. 57-64, doi: org/10.1145/1134744.1134756. A. J. A. Wang, “Information Security Models and Metrics,” Proc. 43rd ACM Southeast Regional Conf., ACM Press, 2005, pp. 178- 184, doi:org/10.1145/1167253.1167295. A. Agrawal, R. A. Khan, “Impact of Inheritance on Vulnerability Propagation at Design Phase,” ACM SIGESOFT SEN, vol. 34, pp. 15, Jul 2009. A. Agrawal, S. Chandra and R. A. Khan, “An Efficient Measurement of Object Oriented Design Vulnerability,” Proc. IEEE Conf. Availability, Reliability and Security (ARES’09), IEEE Press, 16-19 Mar 2009, pp.618-622, doi: org/10.1109/ARES.2009.130. A. Agrawal, R. A. Khan, “A Vulnerability Metric for Design Phase of Object Oriented Software,” Proc. Third International Conf. on Contemporary Computing(IC3), CCIS 94, Springer, Aug 2010, pp. 328- 339, doi:10.1007/978-3-642-14834-7_31. A. Agrawal & R.A.Khan, “Measuring the Vulnerability of an Object Oriented Design,” Network Security, Elsevier, vol. 2009, pp. 13-17, Oct 2009. A. Agrawal & R.A.Khan, “An Algorithm to Measure Attribute Vulnerability Ratio of an Object Oriented Design,” International Journal of Recent Trends in Engineering, vol.2, pp. 61-63, Nov 2009.