Security quality model: an extension of Dromey's model
Author / Contributors:
[Saad Zafar, Misbah Mehboob, Asma Naveed, Bushra Malik]
Place, publisher, year:
2015
Contained in:
Software Quality Journal, 23/1(2015-03-01), 29-54
Format:
Article (online)
Online access:
| LEADER | caa a22 4500 | ||
|---|---|---|---|
| 001 | 605495645 | ||
| 003 | CHVBK | ||
| 005 | 20210128100532.0 | ||
| 007 | cr unu---uuuuu | ||
| 008 | 210128e20150301xx s 000 0 eng | ||
| 024 | 7 | 0 | |a 10.1007/s11219-013-9223-1 |2 doi |
| 035 | |a (NATIONALLICENCE)springer-10.1007/s11219-013-9223-1 | ||
| 245 | 0 | 0 | |a Security quality model: an extension of Dromey's model |h [Elektronische Daten] |c [Saad Zafar, Misbah Mehboob, Asma Naveed, Bushra Malik] |
| 520 | 3 | |a The quantity of sensitive data that is stored, processed and transmitted has increased many folds in recent years. With this dramatic increase, comes the need to ensure that the data remain trustworthy, confidential and available at all times. Nonetheless, the recent spate of high-profile security incidents shows that software-based systems remain vulnerable due to the presence of serious security defects. Therefore, there is a clear need to improve the current state of software development to guide the development of more secure software. To this end, we propose a security quality model that provides a framework to identify known security defects, their fixes, the underlying low-level software components along with the properties that positively influence the overall security of the product. The proposed model is based on Dromey's quality model that addresses the core issue of quality by providing explicit guidelines on how to build quality into a product. Furthermore, to incorporate security, we have introduced several new model components and model construction guidelines as Dromey's model does not address security explicitly and the model construction guidelines are not specific enough. We use well-known defects and security controls to construct the model as a proof of concept. The constructed model can be used by the programmers during development and can also be used by the quality engineers for audit purposes. We also propose an automated environment in which the model can be used in practice. | |
| 540 | |a Springer Science+Business Media New York, 2013 | ||
| 690 | 7 | |a Security quality model |2 nationallicence | |
| 690 | 7 | |a Security |2 nationallicence | |
| 690 | 7 | |a Software defects |2 nationallicence | |
| 690 | 7 | |a Application security |2 nationallicence | |
| 690 | 7 | |a Dromey's quality model |2 nationallicence | |
| 690 | 7 | |a Security engineering |2 nationallicence | |
| 700 | 1 | |a Zafar |D Saad |u Faculty of Computing, Riphah International University, Islamabad, Pakistan |4 aut | |
| 700 | 1 | |a Mehboob |D Misbah |u International Islamic University, Islamabad, Pakistan |4 aut | |
| 700 | 1 | |a Naveed |D Asma |u Foundation University College of Liberal Arts and Science, Islamabad, Pakistan |4 aut | |
| 700 | 1 | |a Malik |D Bushra |u Faculty of Computing, Riphah International University, Islamabad, Pakistan |4 aut | |
| 773 | 0 | |t Software Quality Journal |d Springer US; http://www.springer-ny.com |g 23/1(2015-03-01), 29-54 |x 0963-9314 |q 23:1<29 |1 2015 |2 23 |o 11219 | |
| 856 | 4 | 0 | |u https://doi.org/10.1007/s11219-013-9223-1 |q text/html |z Onlinezugriff via DOI |
| 898 | |a BK010053 |b XK010053 |c XK010000 | ||
| 900 | 7 | |a Metadata rights reserved |b Springer special CC-BY-NC licence |2 nationallicence | |
| 908 | |D 1 |a research-article |2 jats | ||
| 949 | |B NATIONALLICENCE |F NATIONALLICENCE |b NL-springer | ||
| 950 | |B NATIONALLICENCE |P 856 |E 40 |u https://doi.org/10.1007/s11219-013-9223-1 |q text/html |z Onlinezugriff via DOI | ||
| 950 | |B NATIONALLICENCE |P 700 |E 1- |a Zafar |D Saad |u Faculty of Computing, Riphah International University, Islamabad, Pakistan |4 aut | ||
| 950 | |B NATIONALLICENCE |P 700 |E 1- |a Mehboob |D Misbah |u International Islamic University, Islamabad, Pakistan |4 aut | ||
| 950 | |B NATIONALLICENCE |P 700 |E 1- |a Naveed |D Asma |u Foundation University College of Liberal Arts and Science, Islamabad, Pakistan |4 aut | ||
| 950 | |B NATIONALLICENCE |P 700 |E 1- |a Malik |D Bushra |u Faculty of Computing, Riphah International University, Islamabad, Pakistan |4 aut | ||
| 950 | |B NATIONALLICENCE |P 773 |E 0- |t Software Quality Journal |d Springer US; http://www.springer-ny.com |g 23/1(2015-03-01), 29-54 |x 0963-9314 |q 23:1<29 |1 2015 |2 23 |o 11219 | ||