http://dx.doi.org/10.13089/JKIISC.2012.22.5.1169

An analysis method for complex attack pattern using the coupling metrics  

Kwon, Ye-Jin (Dankook University)
Park, Young-Bom (Dankook University)
Abstract
Recently, because most software-intensive systems use the Internet to exchange data, software security has become a major issue. To minimize the vulnerability of software systems, security assurance steps that apply secure coding rules have been introduced into the software development process. However, because actual attacks exploit a variety of software vulnerabilities, it is hard to analyze software weaknesses with a monotonic analysis. This paper attempts to counter complex attacks on a variety of software vulnerabilities by using coupling, one of the important characteristics of software. Furthermore, a pre-analysis of complex attack patterns that combine various attack methods is carried out to predict possible attack patterns in the relationships between software modules. Based on this result, a complex attack pattern analysis method is proposed.
Keywords
Secure Coding; Coupling Metrics; Software Security
Citations & Related Records
Times Cited By KSCI: 2