Journals Proceedings

Abstract

The field of security metric and security evaluation is multifaceted and multidimensional in nature, which needs great care and systematic approach to evaluate. The security evaluation is a continuous process that should be carried out throughout the different software development stages and also in the operational phases. In practice the secure software development is based upon the guidelines and rules for secure design and coding. Even if the secure software development process and guidelines are to be followed, the resultant level of security remains unknown to the development team. A security evaluation framework that can be applied at the early system development stages,the derived metrics that act as indicators of security level of the system and point out the most critical component of the system , in order to provide the basis for the system developers to take the design decisions regarding security is the foremost requirement of secure software development. In this study we haveproposed the extended security evaluation framework which strikes at the architectural and design phase of the software lifecycle, along with the empirical evaluation on a running system. In The proposed framework the mathematical modeling to derive the security metrics has been adopted. The empirical evaluation is carried out on a Finger Print Attendance Automation system (FASS) developed for the department of computer science UoK.