Abstract
Intangible elements, such as value ranges of software security properties (e.g., confidentiality, integrity and availability), can be seen as resources to enforce software security. There are no standard units regarding these properties, turning their measurement into a difficult process. On the other hand, we can measure or estimate priorities for intangible elements from tangible ones, since their priorities are proportional. The priorities of tangible resources can be used to assign values to the priorities of intangible resources through the experience of the involved analysts. In this paper, we present a theoretical process based on mathematical constructs to score the priority and to estimate measures of software security attributes. This process causes the complex systems decomposition into simpler and smaller systems, thus allowing the estimation of properties that will help the understanding and measurement of software security properties. Our results provide a model for access security; the priority score of security attributes is calculated using the AHP methodology. We illustrate the application of our approach in a Web management system for governmental research institutions, presenting results that may support managers in the prioritization, evaluation and management of security requirements related to Web applications.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
