This document discusses security metrics for object-oriented software designs. It begins by introducing the need for security metrics to evaluate designs early in development. Existing security metrics mostly evaluate full system implementations, which makes it difficult to address problems early. The document proposes using design-level security metrics along with genetic algorithms to identify secure designs early. It reviews existing tools that apply metrics at the design or code level, but notes few address security specifically at the design stage. The goal is to reduce costs by discovering and addressing security issues earlier in development.
Prof. D.M.Thakore, Torana N.Kamble / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 2, Issue 5, September- October 2012, pp.1574-1577

Validating UML Diagram for Security
Prof. D.M.Thakore *, Torana N.Kamble.**
*(Department of Computer Engineering, Bharti Vidyapeeth Deemed University, College of Engineering, Pune)
**(M.Tech. Student, Department of Computer Engineering, Bharti Vidyapeeth Deemed University College of Engineering, Pune)

ABSTRACT
Nowadays there are different quality attributes of software artifacts, but security has received less attention for several reasons, such as a lack of knowledge about which properties must be considered when evaluating security, because the definition of security differs from organization to organization and each implements its security metrics accordingly. Secure software development is still a research topic in many organizations because of the failure to design security in at an early stage. Traditional approaches focus primarily on antivirus, firewall and intrusion detection, but all are at the level of individual program statements and so on. This approach makes it difficult and costly to determine and repair weaknesses caused by design errors. It has been seen that flaws left in the software design during the development process are responsible for successful attacks. Proper care should be taken at the design level itself.

The proposed approach describes the identification of a secure design at an early stage with the help of design-level security metrics and a genetic algorithm (GA). The reason for using this algorithm is to exploit previous and alternate solutions and to provide multiple solutions for speed-up. Then it determines the security aspects of the program during execution using a set of metrics. This can be achieved by finding some method to log all occurrences of object instantiations, deletions, method invocations, and direct references to attributes while the system is executing.

Keywords- Design, Measurement, Software Security, Security, Quality Metrics, Software Metrics.

I. INTRODUCTION
Due to modularity and reusability, many software projects have shifted from traditional structured development to object-oriented design. In this object-oriented approach, metrics are a useful tool to measure different quality attributes. Metrics are a means of attaining more accurate estimates of project milestones and of developing a software system that contains minimal faults. There are project-based metrics, which keep track of project maintenance, budgeting etc., whereas design-based metrics describe the complexity, size and robustness of object-oriented designs and keep track of design performance. Mainly two kinds of metrics are used for object-oriented design, namely static metrics and dynamic metrics. Static metrics are obtained from static analysis, and dynamic metrics are computed on the basis of data collected during the execution of code. Traditional metrics for measuring software, such as Lines of Code (LoC), have been found to be insufficient for the analysis of object-oriented software. The suite of metrics proposed by Chidamber and Kemerer is useful for measuring static features of code. These code metrics compute different aspects of the complexity of the source code, but their ability to accurately predict the dynamic behaviour of an application is as yet unproven. [8]

Evaluating the dynamic behaviour of an application at run time with static metrics is difficult because its behaviour will be influenced by the operational environment as well as by the complexity of object-oriented software. Different metrics have been developed for software quality attributes of object-oriented designs such as performance, reusability, and reliability. However, metrics which measure the quality attribute of information security have received little attention, as security is a non-functional quality attribute.

Moreover, existing security metrics measure the system at a high level, i.e. the level of the whole system, or at a low level, i.e. the level of the program code. These approaches make it tough and costly to determine and fix weaknesses caused by software design errors. [3]

To overcome these difficulties, design metrics have been developed which measure security at the design level. The proposed system applies these design-level metrics and gives a secure design. The advantage of this technique is that the cost and effort needed to solve problems after implementation are reduced, as it discovers errors at an early stage. After that secure design is implemented, it can be tested with different dynamic metrics.

II. LITERATURE SURVEY
There are different ways of reducing security risks and vulnerabilities, but a common approach is to enforce security at the implementation stage only [5].

A survey has shown that most security metrics calculate security at the system level, that is, they consider the system as a whole. These are referred to as high-level metrics. These metrics check not only the software but also many other aspects of the system. [2]

Several projects have inspected information flow through computer program code by type analysis, data/control flow analysis, and different other ways of identifying and eliminating program code vulnerabilities. [10] There are a number of security metrics that assess the security of a given program based on code inspections. However, these metrics require full system implementations to assess security, which makes it impossible to fix problems at design time. [4] Instead, the most efficient approach is to enforce security at early phases of the software development lifecycle, such as during the design phase. The National Institute of Standards and Technology stated that eliminating vulnerabilities in the design stage can cost 30 times less than fixing them at a later stage. One of the earliest studies in this area was the development of software security design principles. These principles are intended as guidance to help develop secure systems, mainly operating systems, and are not capable of quantifying the security levels of designs. Thus, there is a need for security metrics which objectively measure the security of a given program directly from its design artifacts. [6] A study conducted by B. Alshammari et al. [3] defined different security metrics to identify the secure design among different designs obtained after refactoring.

III. EXISTING TOOLS AND COMPARATIVE STUDY
The following existing tools measure the quality of software based on defined metrics. Some of them can be applied at the design level and some at the code level. [13]

Classycle: It analyses static class and package dependencies in Java. It overcomes a limitation of JDepend, i.e. it finds cyclic dependencies between classes and packages.

JDepend: JDepend automatically measures the quality of a design by managing package dependencies. It examines the design and checks whether the design shows the specified quality or not during refactoring. But it has some limitations, such as cyclic dependency detection, not collecting source code complexity metrics, and being unable to distinguish Java interfaces from Java abstract classes.

JHAWK: It is available as a stand-alone, Eclipse plugin and command-line version. It is useful for measuring parameters like cyclomatic complexity and NOP by computing the loops and iterations existing in a program. Its disadvantage is that Halstead metrics are not used for measuring the program. A limitation of this tool is that it accepts only Java code.

ES2: It is a tool for collecting object-oriented design metrics from C++ and Java code. It is helpful for making quality management decisions in practice.

Chidamber & Kemerer Java Metrics: It is an open source tool to assess the CK object-oriented design quality metrics by processing the byte-code of compiled Java files. It is a command-line tool and generates output in text format.

QJ-Pro: It is a Java review tool used to find errors related to the language standards. It is normally used during the testing phase.

VizzAnalyzer: It is a quality analysis tool that reads software code and other design specifications as well as documentation and performs a number of quality analyses.

Semmle: Semmle is basically a Java testing tool used to enforce coding conventions by finding programming bug patterns and to compute software metrics. All these tasks can be formulated as queries in an object-oriented query language named QL.

OOMeter: This tool is useful for measuring each of the artifacts produced during the software development life cycle, such as requirements, specification, design model, source code and test specification.

Table I shows different existing tools with the different coupling metrics. There are design-level tools as well as code-level tools.

Table I – Supported metrics in Existing Available Tools

Tools          CBO  WMC  NOC  RFC  COF  DIT  DAC
Classycle      ---  ---  ---  ---  ---  Y    ---
JDepend        ---  ---  Y    ---  ---  Y    ---
ES2            Y    Y    Y    ---  ---  ---  ---
Semmle         ---  ---  Y    Y    ---  Y    ---
OOMeter        Y    ---  Y    ---  ---  Y    ---
VizzAnalyzer   Y    Y    Y    Y    ---  Y    ---
CKJ            Y    Y    Y    Y    ---  Y    ---

IV. COUPLING AND SOFTWARE SECURITY
Coupling is the interaction between different software components. It is an internal software property, whereas security is external. But many studies have shown that coupling is closely associated with the security of software. The reason behind this is that when information is passed among different components, there is a higher probability that it is exposed. It makes sense to assume that coupling is an important factor that affects the security of software. Thus, the proposed system aims to develop a tool which devises security metrics by taking this association into consideration.

Supported Coupling Metrics:-
Here are some of the coupling metrics that can be devised in the proposed system [6]:
1. RFC (Response for a Class) is the number of methods that can potentially be invoked in response to a public message received by an object of a particular class. If the number of methods that can be invoked from a class is high, the class is more difficult and is highly coupled to some methods.
2. WMC (Weighted Methods per Class) is defined as the weighted sum of all of a class's methods. It is a measure of the complexity of classes. More complex classes are more error-prone and harder to analyze and test. It is expected that complex classes have higher change rates because of bug fixing and refactoring activities.
3. CBO (Coupling Between Object Classes) is the number of classes that a class is coupled to. It is calculated by counting the other classes whose attributes or methods are used by the given class plus those that use the attributes or methods of the given class. If a class is highly coupled with other classes, changes in other classes can also cause changes in that class.
4. DIT (Depth of Inheritance Tree) is the maximum depth of the class in the inheritance tree. It measures the number of potential ancestor classes that can affect a class, i.e., it measures inter-class coupling due to inheritance.
5. NOC (Number Of Children) is the number of immediate sub-classes of a class, or the count of derived classes. If class A inherits class B, then class B is the base class and class A is the derived class. In other words, class A is the child of class B, and class B is the parent of class A. NOC measures inheritance complexity.
6. COF (Coupling Factor) measures the actual coupling among classes. Maximum coupling occurs when all classes are coupled with each other. But maximum coupling leads to complexity, which in turn leads to a need for security.
7. DAC (Data Abstraction Coupling) measures the number of instantiations of other classes within the given class. It is not caused by inheritance or the object-oriented paradigm. The higher the DAC, the more complex the data structure (classes) of the system.

V. SYSTEM DESCRIPTION
From the above study it is clear that there are different tools to measure the quality of software at the design level as well as at the code level. Each tool includes a different set of metrics to measure different quality attributes. When a user uses any tool at the design level to validate the design with the help of the included set of metrics, there is then a need to assess the implemented code with the same set of metrics.

The proposed tool lets the user measure security by applying the tool at the design level as well as to code, with the same set of metrics. It concerns only one feature of object-oriented design which is highly associated with security, i.e. coupling. The proposed system involves three modules, which work in a sequential manner.

The first module accepts a UML diagram as input and applies a genetic algorithm to it. Here GA is used to obtain more than one design, each of which fulfills a different level of the fitness function. These alternate designs are of three levels of security, i.e. high secure, medium secure and low secure.

[Figure: Module-1. Blocks: UML diagram; Genetic Algo; Secure design; Design level metrics; Secure design Metrics result]

GA is a search in which successor states are generated from two parent states. It starts with a randomly generated population and evolves through three phases: selection, crossover and mutation. Finally the best solution is chosen based on the optimization criteria. Each state is assessed by the fitness function. Then different security-related coupling metrics are applied to all levels of secure design and the results are stored.

In the second module, code is implemented for the highly secure, medium secure or low secure design. This implemented code is then evaluated based on the same security-related coupling metrics. That is, it checks the coupling aspect at the code level to provide security.

[Figure: Module-2. Blocks: Secure design from Module-1; Coupling Metrics; Code level Metrics result]
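The structural metrics listed under Supported Coupling Metrics (CBO, DIT, NOC, DAC and COF) can be computed from a class diagram alone, which is what makes them usable before any code exists. The following is an added example, not code from the paper or from its proposed tool: the `ClassSpec`/`Design` model, the sample banking classes, the COF denominator n(n-1) and the ranking key are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class ClassSpec:
    """One class box of a class diagram (hypothetical model, not a UML/XMI parser)."""
    name: str
    parent: Optional[str] = None                         # single inheritance
    attr_types: List[str] = field(default_factory=list)  # declared type of each attribute
    uses: Set[str] = field(default_factory=set)          # classes whose members it calls or reads


class Design:
    def __init__(self, classes: List[ClassSpec]):
        self.classes: Dict[str, ClassSpec] = {c.name: c for c in classes}
        for c in classes:
            if c.parent is not None and c.parent not in self.classes:
                raise ValueError(f"{c.name}: unknown parent {c.parent}")

    def depends_on(self, name: str) -> Set[str]:
        """Non-inheritance coupling: design classes that `name` uses or holds as attributes."""
        c = self.classes[name]
        return {t for t in c.uses | set(c.attr_types) if t in self.classes and t != name}

    def cbo(self, name: str) -> int:
        """CBO: classes used by `name` plus classes that use `name`, each counted once."""
        used_by = {o for o in self.classes if name in self.depends_on(o)}
        return len(self.depends_on(name) | used_by)

    def dit(self, name: str) -> int:
        """DIT: number of ancestors up to the root; a cyclic hierarchy is rejected."""
        depth, seen, cur = 0, {name}, self.classes[name].parent
        while cur is not None:
            if cur in seen:
                raise ValueError(f"inheritance cycle through {cur}")
            seen.add(cur)
            depth += 1
            cur = self.classes[cur].parent
        return depth

    def noc(self, name: str) -> int:
        """NOC: immediate subclasses only."""
        return sum(1 for c in self.classes.values() if c.parent == name)

    def dac(self, name: str) -> int:
        """DAC: attributes whose declared type is another class of the design."""
        return sum(1 for t in self.classes[name].attr_types
                   if t in self.classes and t != name)

    def cof(self) -> float:
        """COF: actual coupled ordered pairs / n*(n-1) possible pairs (assumed formula)."""
        n = len(self.classes)
        if n < 2:
            return 0.0
        return sum(len(self.depends_on(c)) for c in self.classes) / (n * (n - 1))

    def report(self) -> Dict[str, Dict[str, int]]:
        return {n: {"CBO": self.cbo(n), "DIT": self.dit(n),
                    "NOC": self.noc(n), "DAC": self.dac(n)} for n in self.classes}


def rank_by_coupling(designs: Dict[str, Design]) -> List[str]:
    """Least-coupled design first: COF, then the highest single-class CBO (assumed key)."""
    def key(label: str):
        d = designs[label]
        return (d.cof(), max((d.cbo(c) for c in d.classes), default=0))
    return sorted(designs, key=key)


def sample_designs() -> Dict[str, Design]:
    """Two constructed variants of one banking design; only TransferService differs."""
    def common() -> List[ClassSpec]:
        return [
            ClassSpec("Customer", attr_types=["str"]),
            ClassSpec("AuditLog"),
            ClassSpec("InterestPolicy"),
            ClassSpec("Account", attr_types=["Customer", "AuditLog"],
                      uses={"Customer", "AuditLog"}),
            ClassSpec("SavingsAccount", parent="Account",
                      attr_types=["InterestPolicy"], uses={"InterestPolicy"}),
            ClassSpec("CheckingAccount", parent="Account"),
        ]
    original = common() + [ClassSpec("TransferService", attr_types=["AuditLog"],
                                     uses={"Account", "AuditLog", "Customer"})]
    # Refactored variant: the service reaches customer and log data only through Account.
    refactored = common() + [ClassSpec("TransferService", uses={"Account"})]
    return {"original": Design(original), "refactored": Design(refactored)}


if __name__ == "__main__":
    designs = sample_designs()
    for label, d in designs.items():
        print(label, f"COF={d.cof():.3f}")
        for cls, metrics in d.report().items():
            print("  ", cls, metrics)
    print("least coupled first:", rank_by_coupling(designs))
```

RFC and WMC are left out because they need method-level information (call targets and per-method weights) that this class-level model does not carry.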