Work place: Post Graduate Department of Computer Science, University of Kashmir, India
E-mail: irshad.mir@hotmail.com
Website:
Research Interests: Applied computer science, Computer systems and computational processes, Theoretical Computer Science
Biography
Irshad Ahmad Mir is currently pursuing Ph.D degree program in computer science department at University of Kashmir, India.He did his bachelor’s degree in computer application from Amar Singh College Srinagar India and Master Degree in computer application from Kashmir University India. E-mail: irshad.mir@hotmail.com.
By Irshad Ahmad Mir S.M.K Quadri
DOI: https://doi.org/10.5815/ijcnis.2012.11.03, Pub. Date: 8 Oct. 2012
Evaluating the security of software systems is a complex problem for the research communities due to the multifaceted and complex operational environment of the system involved. Many efforts towards the secure system development methodologies like secSDLC by Microsoft have been made but the measurement scale on which the security can be measured got least success. As with a shift in the nature of software development from standalone applications to distributed environment where there are a number of potential adversaries and threats present, security has been outlined and incorporated at the architectural level of the system and so is the need to evaluate and measure the level of security achieved . In this paper we present a framework for security evaluation at the design and architectural phase of the system development. We have outlined the security objectives based on the security requirements of the system and analyzed the behavior of various software architectures styles. As the component-based development (CBD) is an important and widely used model to develop new large scale software due to various benefits like increased reuse, reduce time to market and cost. Our emphasis is on CBD and we have proposed a framework for the security evaluation of Component based software design and derived the security metrics for the main three pillars of security, confidentiality, integrity and availability based on the component composition, dependency and inter component data/information flow. The proposed framework and derived metrics are flexible enough, in way that the system developer can modify the metrics according to the situation and are applicable both at the development phases and as well as after development.
[...] Read more.Subscribe to receive issue release notifications and newsletters from MECS Press journals