Abstract
Security is now a central concern and a key issue in assuring the quality of software development. Because security is a non-functional requirement, it is recurrently ignored in the requirements phase. And, within a limited budget, security managers have to patch an increasing number of Webhouse vulnerabilities. Identifying user security requirements at an early stage of the software development process makes it possible to reduce software development cost and time.
To develop a secure system, security managers need to assess vulnerabilities in order to prioritize them. In this paper, we discuss security in Web ETL processes, taking into account business needs and vulnerability assessments. To this end, our work evaluates vulnerabilities according to two metrics: severity impact and remediation cost. We adopt the Common Vulnerability Scoring System (CVSS) to quantify the severity impact, and extend COSMIC, used for security measurement purposes, to estimate the effort needed for remediation.
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Dammak, S., Ghozzi Jedidi, F., Gargouri, F. (2016). Quantifying Security in Web ETL Processes. In: Lambrinoudakis, C., Gabillon, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2015. Lecture Notes in Computer Science, vol 9572. Springer, Cham. https://doi.org/10.1007/978-3-319-31811-0_10
DOI: https://doi.org/10.1007/978-3-319-31811-0_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31810-3
Online ISBN: 978-3-319-31811-0
eBook Packages: Computer Science, Computer Science (R0)