Security quality model: an extension of Dromey’s model
Abstract The quantity of sensitive data that is stored, processed and transmitted has increased many folds in recent years. With this dramatic increase, comes the need to ensure that the data remain trustworthy, confidential and available at all times. Nonetheless, the recent spate of high-profile s...
Detailed description

| Field | Value |
|---|---|
| Author | Zafar, Saad [author] |
| Format | Article |
| Language | English |
| Published | 2013 |
| Note | © Springer Science+Business Media New York 2013 |
| Parent work | Contained in: Software quality journal - Springer US, 1992, 23(2013), 1 of 18 Oct., pages 29-54 |
| Parent work | volume:23 ; year:2013 ; number:1 ; day:18 ; month:10 ; pages:29-54 |
| DOI / URN | 10.1007/s11219-013-9223-1 |
| Catalogue ID | OLC2033732495 |
LEADER | 01000caa a22002652 4500 | ||
---|---|---|---|
001 | OLC2033732495 | ||
003 | DE-627 | ||
005 | 20230504051254.0 | ||
007 | tu | ||
008 | 200819s2013 xx ||||| 00| ||eng c | ||
024 | 7 | |a 10.1007/s11219-013-9223-1 |2 doi | |
035 | |a (DE-627)OLC2033732495 | ||
035 | |a (DE-He213)s11219-013-9223-1-p | ||
040 | |a DE-627 |b ger |c DE-627 |e rakwb | ||
041 | |a eng | ||
082 | 0 | 4 | |a 004 |q VZ |
100 | 1 | |a Zafar, Saad |e verfasserin |4 aut | |
245 | 1 | 0 | |a Security quality model: an extension of Dromey’s model |
264 | 1 | |c 2013 | |
336 | |a Text |b txt |2 rdacontent | ||
337 | |a ohne Hilfsmittel zu benutzen |b n |2 rdamedia | ||
338 | |a Band |b nc |2 rdacarrier | ||
500 | |a © Springer Science+Business Media New York 2013 | ||
520 | |a Abstract The quantity of sensitive data that is stored, processed and transmitted has increased many folds in recent years. With this dramatic increase, comes the need to ensure that the data remain trustworthy, confidential and available at all times. Nonetheless, the recent spate of high-profile security incidents shows that software-based systems remain vulnerable due to the presence of serious security defects. Therefore, there is a clear need to improve the current state of software development to guide the development of more secure software. To this end, we propose a security quality model that provides a framework to identify known security defects, their fixes, the underlying low-level software components along with the properties that positively influence the overall security of the product. The proposed model is based on Dromey’s quality model that addresses the core issue of quality by providing explicit guidelines on how to build quality into a product. Furthermore, to incorporate security, we have introduced several new model components and model construction guidelines as Dromey’s model does not address security explicitly and the model construction guidelines are not specific enough. We use well-known defects and security controls to construct the model as a proof of concept. The constructed model can be used by the programmers during development and can also be used by the quality engineers for audit purposes. We also propose an automated environment in which the model can be used in practice. | ||
650 | 4 | |a Security quality model | |
650 | 4 | |a Security | |
650 | 4 | |a Software defects | |
650 | 4 | |a Application security | |
650 | 4 | |a Dromey’s quality model | |
650 | 4 | |a Security engineering | |
700 | 1 | |a Mehboob, Misbah |4 aut | |
700 | 1 | |a Naveed, Asma |4 aut | |
700 | 1 | |a Malik, Bushra |4 aut | |
773 | 0 | 8 | |i Enthalten in |t Software quality journal |d Springer US, 1992 |g 23(2013), 1 vom: 18. Okt., Seite 29-54 |w (DE-627)131154087 |w (DE-600)1131702-4 |w (DE-576)04308236X |x 0963-9314 |7 nnns |
773 | 1 | 8 | |g volume:23 |g year:2013 |g number:1 |g day:18 |g month:10 |g pages:29-54 |
856 | 4 | 1 | |u https://doi.org/10.1007/s11219-013-9223-1 |z lizenzpflichtig |3 Volltext |
912 | |a GBV_USEFLAG_A | ||
912 | |a SYSFLAG_A | ||
912 | |a GBV_OLC | ||
912 | |a SSG-OLC-MAT | ||
912 | |a GBV_ILN_70 | ||
912 | |a GBV_ILN_170 | ||
912 | |a GBV_ILN_4046 | ||
951 | |a AR | ||
952 | |d 23 |j 2013 |e 1 |b 18 |c 10 |h 29-54 |
collection_details |
GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-MAT GBV_ILN_70 GBV_ILN_170 GBV_ILN_4046 |
container_issue |
1 |
title_short |
Security quality model: an extension of Dromey’s model |
url |
https://doi.org/10.1007/s11219-013-9223-1 |
remote_bool |
false |
author2 |
Mehboob, Misbah Naveed, Asma Malik, Bushra |
author2Str |
Mehboob, Misbah Naveed, Asma Malik, Bushra |
ppnlink |
131154087 |
mediatype_str_mv |
n |
isOA_txt |
false |
hochschulschrift_bool |
false |
doi_str |
10.1007/s11219-013-9223-1 |
up_date |
2024-07-03T18:13:10.769Z |
_version_ |
1803582587033092096 |
score |
7.397979 |