Empirical model for quantification of confidentiality in OO system

  • Authors

    • Rakesh Kumar
    • Dr Hardeep Singh
    2018-05-29
    https://doi.org/10.14419/ijet.v7i2.30.13452
  • Bugs, Confidentiality, Coupling, Metrics, Software Security.
  • Coupling, or aggregation, binds together the different entities or components within a system. When an external process takes, or tries to take, control of the system, it is assisted in its action if the underlying system is highly coupled. A highly coupled design degrades the ability of software to defend against exploitation. Thus, from a software developer's point of view, we must provide enough security at design time that no one outside the system is able to access it in an unauthorized way. This is to ensure that information leakage is minimal (if not zero, as is desired theoretically). This quantitative research work describes the ability of object-oriented coupling metrics to predict faulty classes. The paper has two major sections. One covers the ability of a multilayer perceptron neural model to predict faulty classes; in the other we propose and validate a statistical model for confidentiality, using a data set of different releases of the Apache Velocity project, so as to quantify the effects of coupling on the confidentiality of a system.

     

  • How to Cite

    Kumar, R., & Hardeep Singh, D. (2018). Empirical model for quantification of confidentiality in OO system. International Journal of Engineering & Technology, 7(2.30), 1-5. https://doi.org/10.14419/ijet.v7i2.30.13452