Software engineers currently rely on lengthy source code reviews, testing, and static analysis tools to attempt identification of software vulnerabilities. While these are sometimes effective, the methods used are limited and don't catch all security vulnerabilities.Work has been done in identifying areas of software prone to failure through a design metrics approach, and with success. This study aims to extend this idea to software security. The premise of this thesis is that the set of security vulnerabilities overlaps (or may be a subset of) the overall set of software bugs and failures. It is postulated that a good, reliable design should also be a secure design. This thesis identifies design issues which may lead to security vulnerabilities and proposes possible design metric enhancements to capture these design properties. / Department of Computer Science
| Identifer | oai:union.ndltd.org:BSU/oai:cardinalscholar.bsu.edu:handle/188295 |
| Date | January 2007 |
| Creators | Morris, Joseph C. |
| Contributors | Zage, Wayne M. |
| Source Sets | Ball State University |
| Detected Language | English |
| Format | viii, 144 leaves ; 28 cm. |
| Source | Virtual Press |
Page generated in 0.0023 seconds