Towards an Approach for Security Risk Analysis in COTS Based Development
More and more companies tend to use secure products as COTS to develop their secure systems due to resource limitations. The security concerns add more complexity as well as potential risks to COTS selection process, and it is always a great challenge for developers to make the selection decisions. In this paper, we provide a method for security risk analysis in COTS based development (CBD) based on Common Criteria and our previous work in identifying general risk items for CBD. The research result provides useful insights for developers in identifying security risks, so that it can be used to aid for the COTS selection decision.
Unable to display preview. Download preview PDF.
- 1.Devanbu, P., Stubblebine, S.: Software Engineering for Security: a Roadmap. In: The Future of Software Engineering. Special volume of the proceedings of the 22nd International Conference on Software Engieering – ICSE 2000 (June 2000)Google Scholar
- 2.Kontio, J.: A Case Study in Applying a Systematic Method for COTS Selection. In: Proceedings of the 18th international conference on Software engineering, Berlin, Germany (May 1996)Google Scholar
- 3.Brownsword, L., Oberndorf, T., Sledge, C.: Developing New Processes for COTS-Based Systems. IEEE Software (July/August 2000)Google Scholar
- 5.Common Criteria for Evaluation Criteria for IT Security V2.1. ISO/IEC 15408, National Institute of Standards and Technology (1999)Google Scholar
- 6.Yang, Y., Boehm, B., Wu, D.: COCOTS Risk Analyzer. In: ICCBSS 2006, Orlando, USA (February 2006) (accepted)Google Scholar
- 8.Colbert, E., Wu, D., Chen, Y., Boehm, B.: “Costing Secure Systems”. In: 18th International Forum on COCOMO and Software Cost Modeling, Los Angeles (October 2003)Google Scholar