Abstract
A number of tools, techniques, methods, methodologies, and standards are available to quantify the security aspect of software during its development and after it has been implemented. But the interpretation and analysis of the quantified security metrics thus obtained may be difficult for the software development team. Proper and comprehensive interpretation and analysis of quantified security metrics are essential to specify correct security requirements during the requirements engineering phase of the SDLC, which may result in more secure software. This research work shows how the proposed Misuse Case Oriented Quality Requirements (MCOQR) framework metrics may be used to provide identification, definition, interpretation, and analysis of security metrics during the requirements engineering phase of the software development process. The authors also discuss the various primary outcomes that may be obtained from the proposed MCOQR framework metrics using industry-accepted standards like Common Vulnerability Scoring System (CVSS), Common Vulnerability Enumeration (CVE), and Common Weakness Enumeration (CWE). The work proposed is an extension of the Misuse Case Oriented Quality Requirements (MCOQR) framework metrics and includes a software application-specific database. The study also highlights the areas where future research work can be carried out to further strengthen the entire software system during the software development process.
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Poonia, A.S., Banerjee, C., Banerjee, A., Sharma, S.K. (2020). Interpreting the Objective Outcome of the Proposed Misuse Case Oriented Quality Requirements (MCOQR) Framework Metrics for Security Quantification. In: Pant, M., Sharma, T., Basterrech, S., Banerjee, C. (eds) Performance Management of Integrated Systems and its Applications in Software Engineering. Asset Analytics. Springer, Singapore. https://doi.org/10.1007/978-981-13-8253-6_9
DOI: https://doi.org/10.1007/978-981-13-8253-6_9
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-8252-9
Online ISBN: 978-981-13-8253-6
eBook Packages: Business and Management (R0)