SlideShare ist ein Scribd-Unternehmen logo

Iv2515741577

IJERA Editor
IJERA Editor
1 von 4
Downloaden Sie, um offline zu lesen
Prof. D.M.Thakore, Torana N.Kamble / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 5, September- October 2012, pp.1574-1577 Validating UML Diagram for Security Prof. D.M.Thakore *, Torana N.Kamble.** *(Department of Computer Engineering, Bharti Vidyapeeth Deemed University, College of Engineering, Pune) **(M.Tech. Student, Department of Computer Engineering, Bharti Vidyapeeth Deemed University College of Engineering, Pune ) ABSTRACT Now days there are different quality of object oriented and keep track of design attributes of software artifacts but security has performance. Mainly two kinds of metrics are used got less responsiveness because of different for object oriented design namely-Static metrics and reasons. Like lack of knowledge about which Dynamic metrics. Static metrics are obtained from properties must be considered when it comes to static analysis and dynamic metrics are computed on evaluate security because definition of security is the basis of data collected during the execution of different for different organization and code. Traditional metrics for measuring software accordingly they implement the security metrics. such as Lines of Code (LoC) have been found to be Secure software development is still research insufficient for analysis of object-Oriented software. topic in many organizations, because of the The suite of metrics proposed by Chidamber and failure in designing security at early stage. Kemerer are useful to measure static feature of Traditional approaches focus primarily on code. These code metrics computes different aspects antivirus, firewall, intrusion detection, but all are of complexity of the source code, but not able to at the level of individual program statements and accurately predict the dynamic behaviour of an so on. This approach makes it difficult and costly application is as yet unproven. [8] to determine and repair weakness caused by Evaluating the dynamic behaviour of an design errors. It has been seen that flaws are left application at run time with static metrics is difficult in the software design during development because its behaviour will be influenced by the process are responsible for successful attack. The operational environment as well as complexity of proper care should be taken at the design level object-oriented software.Different metrics have been only. developed for software quality attributes of object- Proposed approach describes oriented designs such as performance, reusability, identification of secure design at early stage with and reliability. However, metrics which measure the the help of design level security metrics and quality attribute of information security have Genetic algorithm (GA). received little attention as security is non-functional The reason of using this algorithm is to quality attribute. exploit previous and alternate solution and Moreover, existing security metrics provides multiple solutions to speedup. Then it measures the system at high level i.e. the whole determines the security aspects of program system’s level or at a low level i.e. the program during execution using set of metrics. It can be code’s level. These approaches are tough and costly achieve by finding some method to log all to determine and fix weaknesses caused by software occurrences of object instantiations, deletions, design errors. [3] method invocations, and direct reference to To overcome these difficulties design attributes while the system is executing. metrics have been developed which measures security at design level. Proposed system applies Keywords- Design, Measurement, Software these design level metrics and gives secure design Security, Security, Quality Metrics, Software .The advantage of this technique is the cost and Metrics. efforts needed to solve the problems after implementation get reduced as it discovers errors at I. INTRODUCTION early stage. And after implementing that secure Due to the modularity and reusability many design it can be tested by different dynamic metrics. software projects are shifted from traditional structured development to object oriented design. In II. LITERATURE SURVEY this Object Oriented approach metrics are useful tool There are different ways of reducing to measure different quality attributes. Metrics are a security risks and vulnerabilities. But a common means for attaining more accurate estimations of approach is to enforce security at the project milestones, and developing a software implementation stage only [5]. system that contains minimal faults. There is project A survey has shown that most of the base metrics which keep track of project security metrics calculate the security at system maintenance, budgeting etc. whereas Design based level it considers system as whole. These are metrics describe the complexity, size and robustness referred as a high level metrics. These metrics check 1574 | P a g e
Prof. D.M.Thakore, Torana N.Kamble / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 5, September- October 2012, pp.1574-1577 out not only software but also many other aspects of ES2: It is atool for collecting object oriented design the system.[2] metrics from C++ and Java Code.It is helpful for Several projects have inspected information making quality management decisions in practices. flow through computer program code, by type Chidamber & Kemmerer Java Metrics: It is an analysis, data/control flow analysis, and different open source tool to access CK Object Oriented other ways of identifying and eliminating program Design quality metric by processing the byte-code of code vulnerabilities.[10] There are number of compiled Java files. It is command line version and security metrics that assess the security of a given generates output in text format. program based on code inspections. However, their QJ-Pro: It is java review tool used to find the errors metrics require full system implementations to related with the language standards. It normally used assess security which makes it impossible to fix during testing phase. problems at design time. [4] Instead, the most efficient approach is to enforce security at early VizzAnalyzer: It is a quality analysis tool, reads phases of the software development lifecycle such as software code and other design specifications as during the design phase. The National Institute of well as documentation and performs a number of Standards and Technology stated that eliminating quality analyses. vulnerabilities in the design stage can cost 30 times less than fixing them at a later stage. One of the Semmle: Semmle is basically java testing tool used earliest studies in this area was the development of to enforce coding conventions by finding software security design principles, these principles programming bug patterns, to compute software are intended as guidance to help develop secure metrics. All these tasks can be formulated as queries systems, mainly operating systems, and are not in an object-oriented query language named QL. capable of quantifying the security levels of designs. Thus, there is a need for security metrics which OOMeter: This tool is useful for measuring each objectively measure the security of a given program artifacts produced during software development life directly from its design artifacts. [6] Study cycle, like requirements, specification, design conducted by B. Alshammari et al. [3] defined model, source code, test specification. different security metrics to identify secure design Table I shows different existing tools with the among different design which are obtained after different coupling metrics .There are design level refactoring. tools as well as code level tools. Table I – Supported metrics in Existing Available III. EXISTING TOOLS AND COMPARATIVE Tools STUDY Tools Metrics Following are the existing tools which C W N R C D D measures quality of software based on defined B M O F O I A metrics. Some of them can be applied at design level O C C C F T C and some are at code level.[13] Classycle --- --- --- --- --- Y --- Classycle:It analyses static class and package dependencies in java. It overcome limitation of JDepend --- --- Y --- --- Y --- JDepend i.e. it finds cyclic dependencies between ES2 Y Y Y --- --- --- --- classes and packages Semmle --- --- Y Y --- Y --- JDepend: JDepend automatically measures quality OOMeter Y --- Y --- --- Y --- of design by managing package dependency. It VizzAnaly Y Y Y Y --- Y --- examines design and checks weather design shows zer specified quality or not during refactoring. But it has CKJ Y Y Y Y --- Y --- some limitations like Cyclic dependency detection, does not collect source code complexity metrics and IV. COUPLING AND SOFTWARE SECURITY it can’t differs Java interfaces and Java abstract Coupling is the interaction between classes. different software components. It is an internal software property whereas security is external. But JHAWK: It is a stand-alone, Eclipse many studies have been shown that coupling is Plugin, command line version It useful to measure closely associated with the Security of software. The parameters like Cyclometric Complexity,NOP by reason behind this is when information passed computing loops and iterations existing in a among different components there is more program. Its disadvantage is Halstead metrics are not probabilities that it is exposed. It makes sense to used for measuring the program. Limitation of this assume that coupling is important factor that affects tool is it accepts only java code. security of software. Thus, proposed system aims to 1575 | P a g e
Prof. D.M.Thakore, Torana N.Kamble / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 5, September- October 2012, pp.1574-1577 develop tool which device security metrics by taking V. SYSTEM DESCRIPTION into consideration this association. From above study it is clear that there are different tools to measure the quality of software at Supported Coupling Metrics:- design level as well as code level. Each tool includes Here are some of the coupling metrics that can be different set of metrics to measure different quality devised in proposed system[6]- attributes. When user uses any tool at design level to 1. RFC (Response for a Class) is the number validate the design with the help of included set of of the methods that can potentially be metrics then there is need to assess the implemented invoked in response to a public message code with same set of metrics. received by an object of a particular class. Proposed tool facilitate user to measure If the number of methods that can be security by applying tool at design level as well as invoked from a class is high, it is more code with same set of metrics. In this it concerns difficult and highly coupled to some only one feature of object oriented design which is methods. highly associated with the security i.e. coupling. 2. WMC (Weighted Methods per Class) is Proposed system is involves three modules, which defined as the weighted sum of all class’s works in sequential manner. methods. It is a measure for the complexity First module accepts UML diagram as a of classes. More complex classes are more input and applies Genetic algorithm on it. Here GA error-prone, harder to analyze and test. It is is used to obtain more than one design which fulfills expected that complex classes have higher different levels of fitness function. These alternate change rates because of bug fixing and designs are of three levels of security i.e. High refactoring activities. secure, medium secure, low secure. 3 CBO (Coupling Between Object Classes) is the number of classes that a class is coupled to. It is calculated by counting other classes Secure Secure Design UML design whose attributes or methods are used by the Genetic level design given classes plus those that use the diagram Algo metric attributes or methods of the given class.If a s Metrics class is highly coupled with other classes, result changes in other classes can also cause changes in that class. Module-1 4 (DIT) Depth of Inheritance Tree: the maximum depth of the class in the GA is a search in which successor states inheritance tree. It measures the number of are generated from two parent states. It starts with potential ancestor classes that can affect a randomly generated population. It evolves through class, i.e., it measures inter-class coupling three phases selection, crossover and mutation. due to inheritance. Finally best solution is chosen based on the 5 (NOC) Number Of Children: the number of optimization criteria. Each state is assessed by immediate sub-classes of a class or the fitness function. Then different Security related count of derived classes. If class class A coupling metrics are applied on all levels of secure inherits class classB, then class B is the design and stores result. base class and class A is the derived class. In second module code is implemented for In other words, class A is the children of highly secure or medium or low secure design .Then class class B, and class B is the parent of this implemented code get evaluated based on the class class B. NOC measures inheritance security related same coupling metrics. Means it complexity. checks coupling aspect at code level to provide 6 COF(Coupling factor):Coupling factor security. measures the actual coupling among classes .Maximum coupling accursed when all classes are coupled with each other. But Code level maximum coupling leads to complexity Secure Metrics Coupling design from result which is in tern leads to need of security. Module-1 Metrics 7 DAC(Data Abstraction Coupling): This metric measures the number of instantiations of other classes within the given class. It is not caused due to inheritance or the object oriented paradigm. Module - 2 The higher the DAC, the more complex the data structure (classes) of the system 1576 | P a g e
Prof. D.M.Thakore, Torana N.Kamble / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 5, September- October 2012, pp.1574-1577 Third module is nothing but the validation of all [4] I. Chowdhury, B. Chan, and M. designs. It compares metrics results computed at Zulkernine, “Security metrics for design level and code level to generate the graph. sourcecode structures,” in Proceedings of the Fourth International Workshop onSoftware Engineering for Secure Systems, (Leipzig, Germany), ACM, 2008.. [5] Smriti Jain, “A Review of Security Metrics in Software Development Process” et al / (IJCSIT) International Journal of Computer Science and Information Technologies, 2011. [6] IstehadChowdhury, Mohammad Zulkernine VI. CONCLUSION “Can Complexity, Coupling, and Cohesion Existing software metric tools interpret and Metrics be Used as Early Indicators of implement the definitions of object-oriented Vulnerabilities?” ACM 2010. software metrics differently. This provides results [7] S. Chidamber and C. Kemerer, “A metrics based on tool-dependent metrics and has even suite for object oriented design,” IEEE allegations on the results of analyses based on these Transactions on Software Engineering, vol. metrics results. In short, the metrics based 20, pp. 476–493, 1994., assessment of a software system and measures taken [8] M. Fowler, Refactoring: Improving The to improve its design differ considerably from tool Design of Existing Code. Reading, MA: to tool. So the limitation is all tools are platform Addison-Wesley, 1999 dependent. There are separate tools for dynamic [9] Payal Khurana&Puneet Jai Kaur metrics, static metrics and for reverse engineering. DYNAMIC METRICS AT DESIGN LEVEL But the proposed system develops a tool which ,International Journal of Information applies dynamic as well as static metrics on design Technology and Knowledge Management by considering coupling of classes and objects. And July-December 2009, Volume 2, No. 2, pp. also applies reverse engineering to validate the 449-454 design. Again in proposed tool uses genetic [10] AmjanShaik,C. R. K. Reddy, BalaManda, algorithm for alternate designs. Benefit to use this Prakashini. C, Deepthi. K, “An Empirical algorithm is it is easy to understand and multi object Validation of Object Oriented Design optimizer. Metrics in Object Oriented Systems” There is lot of scope in future work as the Journal of Emerging Trends in Engineering dynamic metrics are related with the behaviour of and Applied Sciences (JETEAS) ,(ISSN: the program, they have advantage of more precise, 2141-7016). but difficult to implement compare to static one .So [11] John Lloyd1 and Jan Jürjens2,„Security there is clear opportunity for researcher to work in Analysis of a Biometric Authentication hybrid approach where dynamic results can be System „Using UMLsec and JML*, A. augmented by static information for collection of Schürr and B. Selic (Eds.): MODELS 2009, metrics data. LNCS 5795, pp. 77–91, 2009.,© Springer- Verlag Berlin Heidelberg 2009 REFERENCES [12] M. Y. Liu and I. Traore, “Empirical [1] J. Bansiya and C. G. Davis, “A relation between coupling and attackability hierarchical model for object-oriented in software systems: a case study on DOS,” design quality assessment,” IEEE in Proceedings of the 2006 Workshop on Transactions on Software Engineering, vol. Programming Languages and Analysis for 28, pp. 4–17, 2002 .. Security Ottawa. Ontario, Canada: ACM, [2] P K. Manadhata, K. M. C. Tan, R. A. 2006, pp. 57–64 Maxion, and J. M. Wing, “An approach to [13] Rüdiger Lincke, Jonas Lundberg and Welf measuring a system‟s attack surface,” Löwe,“Comparing Software Metric Tools”, Tech. Rep. CMU-CS- 07-146, Carnegie 2008 ACM 978-1-59593-904-3/08/07. Mellon University, Pittsburgh, PA, August 2007. [3] B. Alshammari, C. J. Fidge, and D. Corney, “Security metrics for object-oriented class designs,” in Proceedings of the Ninth International Conference on Quality Software (QSIC 2009), (Jeju, Korea), pp. 11–20, IEEE, 2009 1577 | P a g e

Empfohlen

Cm24585587
Cm24585587Cm24585587
Cm24585587IJERA Editor
 
Sofware Engineering Important Past Paper 2019
Sofware Engineering Important Past Paper 2019Sofware Engineering Important Past Paper 2019
Sofware Engineering Important Past Paper 2019MuhammadTalha436
 
14 software technical_metrics
14 software technical_metrics14 software technical_metrics
14 software technical_metricsUniversity of Computer Science and Technology
 
Software Metrics for Identifying Software Size in Software Development Projects
Software Metrics for Identifying Software Size in Software Development ProjectsSoftware Metrics for Identifying Software Size in Software Development Projects
Software Metrics for Identifying Software Size in Software Development ProjectsVishvi Vidanapathirana
 
Software engineering lecture notes
Software engineering lecture notesSoftware engineering lecture notes
Software engineering lecture notesAmmar Shafiq
 
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICSANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICSijcsa
 
Quality Attribute: Testability
Quality Attribute: TestabilityQuality Attribute: Testability
Quality Attribute: TestabilityPranay Singh
 
A Study of Significant Software Metrics
A Study of Significant Software MetricsA Study of Significant Software Metrics
A Study of Significant Software MetricsInternational Journal of Engineering Inventions www.ijeijournal.com
 

Empfohlen

Cm24585587
Cm24585587Cm24585587
Cm24585587IJERA Editor
 
Sofware Engineering Important Past Paper 2019
Sofware Engineering Important Past Paper 2019Sofware Engineering Important Past Paper 2019
Sofware Engineering Important Past Paper 2019MuhammadTalha436
 
14 software technical_metrics
14 software technical_metrics14 software technical_metrics
14 software technical_metricsUniversity of Computer Science and Technology
 
Software Metrics for Identifying Software Size in Software Development Projects
Software Metrics for Identifying Software Size in Software Development ProjectsSoftware Metrics for Identifying Software Size in Software Development Projects
Software Metrics for Identifying Software Size in Software Development ProjectsVishvi Vidanapathirana
 
Software engineering lecture notes
Software engineering lecture notesSoftware engineering lecture notes
Software engineering lecture notesAmmar Shafiq
 
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICSANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICSijcsa
 
Quality Attribute: Testability
Quality Attribute: TestabilityQuality Attribute: Testability
Quality Attribute: TestabilityPranay Singh
 
A Study of Significant Software Metrics
A Study of Significant Software MetricsA Study of Significant Software Metrics
A Study of Significant Software MetricsInternational Journal of Engineering Inventions www.ijeijournal.com
 
Software engg unit 4
Software engg unit 4 Software engg unit 4
Software engg unit 4 Vivek Kumar Sinha
 
Software Metrics - Software Engineering
Software Metrics - Software EngineeringSoftware Metrics - Software Engineering
Software Metrics - Software EngineeringDrishti Bhalla
 
Software Engineering Solved Past Paper 2020
Software Engineering Solved Past Paper 2020 Software Engineering Solved Past Paper 2020
Software Engineering Solved Past Paper 2020 MuhammadTalha436
 
Software Engineering and Information Security
Software Engineering and Information SecuritySoftware Engineering and Information Security
Software Engineering and Information SecurityMassimo Felici
 
factors
factors factors
factorsZahid Mahmood
 
Empirical Study of Software Development Life Cycle and its Various Models
Empirical Study of Software Development Life Cycle and its Various ModelsEmpirical Study of Software Development Life Cycle and its Various Models
Empirical Study of Software Development Life Cycle and its Various ModelsCSCJournals
 
Software engg unit 1
Software engg unit 1 Software engg unit 1
Software engg unit 1 Vivek Kumar Sinha
 
SWE-401 - 1. Introduction to Software Engineering
SWE-401 - 1. Introduction to Software EngineeringSWE-401 - 1. Introduction to Software Engineering
SWE-401 - 1. Introduction to Software Engineeringghayour abbas
 
SE Unit 1
SE Unit 1SE Unit 1
SE Unit 1UmaMaheswariBHCInfor
 
Software engg unit 3
Software engg unit 3 Software engg unit 3
Software engg unit 3 Vivek Kumar Sinha
 
Software Metrics
Software MetricsSoftware Metrics
Software MetricsMassimo Felici
 
Software metrics
Software metricsSoftware metrics
Software metricssyeda madeha azmat
 
Unit1..
Unit1..Unit1..
Unit1..Pokuri BharathKumarChowdary
 
1811 1815
1811 18151811 1815
1811 1815Editor IJARCET
 
Software Engineering- Crisis and Process Models
Software Engineering- Crisis and Process ModelsSoftware Engineering- Crisis and Process Models
Software Engineering- Crisis and Process ModelsNishu Rastogi
 
Unit 5
Unit 5Unit 5
Unit 5anuragmbst
 
Software metrics
Software metricsSoftware metrics
Software metricsMatthias Mullie
 
Hj2413101315
Hj2413101315Hj2413101315
Hj2413101315IJERA Editor
 
Id2414301437
Id2414301437Id2414301437
Id2414301437IJERA Editor
 
Gr2411971203
Gr2411971203Gr2411971203
Gr2411971203IJERA Editor
 
Gu2412131219
Gu2412131219Gu2412131219
Gu2412131219IJERA Editor
 
Iy2515891593
Iy2515891593Iy2515891593
Iy2515891593IJERA Editor
 

Weitere ähnliche Inhalte

Was ist angesagt?

Software Metrics - Software Engineering
Software Metrics - Software EngineeringSoftware Metrics - Software Engineering
Software Metrics - Software EngineeringDrishti Bhalla
 
Software Engineering Solved Past Paper 2020
Software Engineering Solved Past Paper 2020 Software Engineering Solved Past Paper 2020
Software Engineering Solved Past Paper 2020 MuhammadTalha436
 
Software Engineering and Information Security
Software Engineering and Information SecuritySoftware Engineering and Information Security
Software Engineering and Information SecurityMassimo Felici
 
Empirical Study of Software Development Life Cycle and its Various Models
Empirical Study of Software Development Life Cycle and its Various ModelsEmpirical Study of Software Development Life Cycle and its Various Models
Empirical Study of Software Development Life Cycle and its Various ModelsCSCJournals
 
SWE-401 - 1. Introduction to Software Engineering
SWE-401 - 1. Introduction to Software EngineeringSWE-401 - 1. Introduction to Software Engineering
SWE-401 - 1. Introduction to Software Engineeringghayour abbas
 
Software Engineering- Crisis and Process Models
Software Engineering- Crisis and Process ModelsSoftware Engineering- Crisis and Process Models
Software Engineering- Crisis and Process ModelsNishu Rastogi
 

Was ist angesagt? (17)

Software engg unit 4
Software engg unit 4 Software engg unit 4
Software engg unit 4
 
Software Metrics - Software Engineering
Software Metrics - Software EngineeringSoftware Metrics - Software Engineering
Software Metrics - Software Engineering
 
Software Engineering Solved Past Paper 2020
Software Engineering Solved Past Paper 2020 Software Engineering Solved Past Paper 2020
Software Engineering Solved Past Paper 2020
 
Software Engineering and Information Security
Software Engineering and Information SecuritySoftware Engineering and Information Security
Software Engineering and Information Security
 
factors
factors factors
factors
 
Empirical Study of Software Development Life Cycle and its Various Models
Empirical Study of Software Development Life Cycle and its Various ModelsEmpirical Study of Software Development Life Cycle and its Various Models
Empirical Study of Software Development Life Cycle and its Various Models
 
Software engg unit 1
Software engg unit 1 Software engg unit 1
Software engg unit 1
 
SWE-401 - 1. Introduction to Software Engineering
SWE-401 - 1. Introduction to Software EngineeringSWE-401 - 1. Introduction to Software Engineering
SWE-401 - 1. Introduction to Software Engineering
 
SE Unit 1
SE Unit 1SE Unit 1
SE Unit 1
 
Software engg unit 3
Software engg unit 3 Software engg unit 3
Software engg unit 3
 
Software Metrics
Software MetricsSoftware Metrics
Software Metrics
 
Software metrics
Software metricsSoftware metrics
Software metrics
 
Unit1..
Unit1..Unit1..
Unit1..
 
1811 1815
1811 18151811 1815
1811 1815
 
Software Engineering- Crisis and Process Models
Software Engineering- Crisis and Process ModelsSoftware Engineering- Crisis and Process Models
Software Engineering- Crisis and Process Models
 
Unit 5
Unit 5Unit 5
Unit 5
 
Software metrics
Software metricsSoftware metrics
Software metrics
 

Andere mochten auch

Clase 3 gestion entrada salida
Clase 3 gestion entrada salidaClase 3 gestion entrada salida
Clase 3 gestion entrada salidaUPTM
 

Andere mochten auch (20)

Hj2413101315
Hj2413101315Hj2413101315
Hj2413101315
 
Id2414301437
Id2414301437Id2414301437
Id2414301437
 
Gr2411971203
Gr2411971203Gr2411971203
Gr2411971203
 
Gu2412131219
Gu2412131219Gu2412131219
Gu2412131219
 
Iy2515891593
Iy2515891593Iy2515891593
Iy2515891593
 
Ht2413701376
Ht2413701376Ht2413701376
Ht2413701376
 
Gz2412431253
Gz2412431253Gz2412431253
Gz2412431253
 
Jc2516111615
Jc2516111615Jc2516111615
Jc2516111615
 
My2421322135
My2421322135My2421322135
My2421322135
 
Ia2514401444
Ia2514401444Ia2514401444
Ia2514401444
 
Ji2516561662
Ji2516561662Ji2516561662
Ji2516561662
 
Hh2513151319
Hh2513151319Hh2513151319
Hh2513151319
 
Hr2413591363
Hr2413591363Hr2413591363
Hr2413591363
 
Hd2412771281
Hd2412771281Hd2412771281
Hd2412771281
 
Hy2514281431
Hy2514281431Hy2514281431
Hy2514281431
 
Ir2515501556
Ir2515501556Ir2515501556
Ir2515501556
 
La2418611866
La2418611866La2418611866
La2418611866
 
Hn2413371341
Hn2413371341Hn2413371341
Hn2413371341
 
Hx2413921400
Hx2413921400Hx2413921400
Hx2413921400
 
Clase 3 gestion entrada salida
Clase 3 gestion entrada salidaClase 3 gestion entrada salida
Clase 3 gestion entrada salida
 

Ähnlich wie Iv2515741577

Conducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class DesignConducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class DesignIJCSIS Research Publications
 
Exploring the Efficiency of the Program using OOAD Metrics
Exploring the Efficiency of the Program using OOAD MetricsExploring the Efficiency of the Program using OOAD Metrics
Exploring the Efficiency of the Program using OOAD MetricsIRJET Journal
 
Software Engineering (Short & Long Questions)
Software Engineering (Short & Long Questions)Software Engineering (Short & Long Questions)
Software Engineering (Short & Long Questions)MuhammadTalha436
 
Class quality evaluation using class quality scorecards
Class quality evaluation using class quality scorecardsClass quality evaluation using class quality scorecards
Class quality evaluation using class quality scorecardsIAEME Publication
 
Class quality evaluation using class quality
Class quality evaluation using class qualityClass quality evaluation using class quality
Class quality evaluation using class qualityIAEME Publication
 
Security Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSecurity Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSoftServe
 
Software Quality Measure
Software Quality MeasureSoftware Quality Measure
Software Quality MeasureEditor IJCATR
 
A Compound Metric for Identification of Fault Prone Modules
A Compound Metric for Identification of Fault Prone ModulesA Compound Metric for Identification of Fault Prone Modules
A Compound Metric for Identification of Fault Prone Modulesiosrjce
 
IRJET- Research Study on Testing Mantle in SDLC
IRJET- Research Study on Testing Mantle in SDLCIRJET- Research Study on Testing Mantle in SDLC
IRJET- Research Study on Testing Mantle in SDLCIRJET Journal
 
Work of art practices in software development.
Work of art practices in software development. Work of art practices in software development.
Work of art practices in software development. Communication Progress
 
Software Specifications with details exp
Software Specifications with details expSoftware Specifications with details exp
Software Specifications with details expAkhileshPansare
 
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...CSCJournals
 
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICSANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICSijcsa
 
Bridge Process Model
Bridge Process ModelBridge Process Model
Bridge Process ModelStephen Raj
 
Line Of Code(LOC) In Software Engineering By NADEEM AHMED FROM DEPALPUR
Line Of Code(LOC) In Software Engineering By NADEEM AHMED FROM DEPALPURLine Of Code(LOC) In Software Engineering By NADEEM AHMED FROM DEPALPUR
Line Of Code(LOC) In Software Engineering By NADEEM AHMED FROM DEPALPURNA000000
 
Relational Analysis of Software Developer’s Quality Assures
Relational Analysis of Software Developer’s Quality AssuresRelational Analysis of Software Developer’s Quality Assures
Relational Analysis of Software Developer’s Quality AssuresIOSR Journals
 

Ähnlich wie Iv2515741577 (20)

Conducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class DesignConducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class Design
 
Exploring the Efficiency of the Program using OOAD Metrics
Exploring the Efficiency of the Program using OOAD MetricsExploring the Efficiency of the Program using OOAD Metrics
Exploring the Efficiency of the Program using OOAD Metrics
 
Software Engineering (Short & Long Questions)
Software Engineering (Short & Long Questions)Software Engineering (Short & Long Questions)
Software Engineering (Short & Long Questions)
 
Class quality evaluation using class quality scorecards
Class quality evaluation using class quality scorecardsClass quality evaluation using class quality scorecards
Class quality evaluation using class quality scorecards
 
Class quality evaluation using class quality
Class quality evaluation using class qualityClass quality evaluation using class quality
Class quality evaluation using class quality
 
Security Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar TymoshykSecurity Services and Approach by Nazar Tymoshyk
Security Services and Approach by Nazar Tymoshyk
 
Software Quality Measure
Software Quality MeasureSoftware Quality Measure
Software Quality Measure
 
A Compound Metric for Identification of Fault Prone Modules
A Compound Metric for Identification of Fault Prone ModulesA Compound Metric for Identification of Fault Prone Modules
A Compound Metric for Identification of Fault Prone Modules
 
G017653135
G017653135G017653135
G017653135
 
Agile and Secure Development
Agile and Secure DevelopmentAgile and Secure Development
Agile and Secure Development
 
Ijetcas14 545
Ijetcas14 545Ijetcas14 545
Ijetcas14 545
 
242296
242296242296
242296
 
IRJET- Research Study on Testing Mantle in SDLC
IRJET- Research Study on Testing Mantle in SDLCIRJET- Research Study on Testing Mantle in SDLC
IRJET- Research Study on Testing Mantle in SDLC
 
Work of art practices in software development.
Work of art practices in software development. Work of art practices in software development.
Work of art practices in software development.
 
Software Specifications with details exp
Software Specifications with details expSoftware Specifications with details exp
Software Specifications with details exp
 
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...
 
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICSANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
 
Bridge Process Model
Bridge Process ModelBridge Process Model
Bridge Process Model
 
Line Of Code(LOC) In Software Engineering By NADEEM AHMED FROM DEPALPUR
Line Of Code(LOC) In Software Engineering By NADEEM AHMED FROM DEPALPURLine Of Code(LOC) In Software Engineering By NADEEM AHMED FROM DEPALPUR
Line Of Code(LOC) In Software Engineering By NADEEM AHMED FROM DEPALPUR
 
Relational Analysis of Software Developer’s Quality Assures
Relational Analysis of Software Developer’s Quality AssuresRelational Analysis of Software Developer’s Quality Assures
Relational Analysis of Software Developer’s Quality Assures
 

Iv2515741577

  • 1. Prof. D.M.Thakore, Torana N.Kamble / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 5, September- October 2012, pp.1574-1577 Validating UML Diagram for Security Prof. D.M.Thakore *, Torana N.Kamble.** *(Department of Computer Engineering, Bharti Vidyapeeth Deemed University, College of Engineering, Pune) **(M.Tech. Student, Department of Computer Engineering, Bharti Vidyapeeth Deemed University College of Engineering, Pune ) ABSTRACT Now days there are different quality of object oriented and keep track of design attributes of software artifacts but security has performance. Mainly two kinds of metrics are used got less responsiveness because of different for object oriented design namely-Static metrics and reasons. Like lack of knowledge about which Dynamic metrics. Static metrics are obtained from properties must be considered when it comes to static analysis and dynamic metrics are computed on evaluate security because definition of security is the basis of data collected during the execution of different for different organization and code. Traditional metrics for measuring software accordingly they implement the security metrics. such as Lines of Code (LoC) have been found to be Secure software development is still research insufficient for analysis of object-Oriented software. topic in many organizations, because of the The suite of metrics proposed by Chidamber and failure in designing security at early stage. Kemerer are useful to measure static feature of Traditional approaches focus primarily on code. These code metrics computes different aspects antivirus, firewall, intrusion detection, but all are of complexity of the source code, but not able to at the level of individual program statements and accurately predict the dynamic behaviour of an so on. This approach makes it difficult and costly application is as yet unproven. [8] to determine and repair weakness caused by Evaluating the dynamic behaviour of an design errors. It has been seen that flaws are left application at run time with static metrics is difficult in the software design during development because its behaviour will be influenced by the process are responsible for successful attack. The operational environment as well as complexity of proper care should be taken at the design level object-oriented software.Different metrics have been only. developed for software quality attributes of object- Proposed approach describes oriented designs such as performance, reusability, identification of secure design at early stage with and reliability. However, metrics which measure the the help of design level security metrics and quality attribute of information security have Genetic algorithm (GA). received little attention as security is non-functional The reason of using this algorithm is to quality attribute. exploit previous and alternate solution and Moreover, existing security metrics provides multiple solutions to speedup. Then it measures the system at high level i.e. the whole determines the security aspects of program system’s level or at a low level i.e. the program during execution using set of metrics. It can be code’s level. These approaches are tough and costly achieve by finding some method to log all to determine and fix weaknesses caused by software occurrences of object instantiations, deletions, design errors. [3] method invocations, and direct reference to To overcome these difficulties design attributes while the system is executing. metrics have been developed which measures security at design level. Proposed system applies Keywords- Design, Measurement, Software these design level metrics and gives secure design Security, Security, Quality Metrics, Software .The advantage of this technique is the cost and Metrics. efforts needed to solve the problems after implementation get reduced as it discovers errors at I. INTRODUCTION early stage. And after implementing that secure Due to the modularity and reusability many design it can be tested by different dynamic metrics. software projects are shifted from traditional structured development to object oriented design. In II. LITERATURE SURVEY this Object Oriented approach metrics are useful tool There are different ways of reducing to measure different quality attributes. Metrics are a security risks and vulnerabilities. But a common means for attaining more accurate estimations of approach is to enforce security at the project milestones, and developing a software implementation stage only [5]. system that contains minimal faults. There is project A survey has shown that most of the base metrics which keep track of project security metrics calculate the security at system maintenance, budgeting etc. whereas Design based level it considers system as whole. These are metrics describe the complexity, size and robustness referred as a high level metrics. These metrics check 1574 | P a g e
  • 2. Prof. D.M.Thakore, Torana N.Kamble / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 5, September- October 2012, pp.1574-1577 out not only software but also many other aspects of ES2: It is atool for collecting object oriented design the system.[2] metrics from C++ and Java Code.It is helpful for Several projects have inspected information making quality management decisions in practices. flow through computer program code, by type Chidamber & Kemmerer Java Metrics: It is an analysis, data/control flow analysis, and different open source tool to access CK Object Oriented other ways of identifying and eliminating program Design quality metric by processing the byte-code of code vulnerabilities.[10] There are number of compiled Java files. It is command line version and security metrics that assess the security of a given generates output in text format. program based on code inspections. However, their QJ-Pro: It is java review tool used to find the errors metrics require full system implementations to related with the language standards. It normally used assess security which makes it impossible to fix during testing phase. problems at design time. [4] Instead, the most efficient approach is to enforce security at early VizzAnalyzer: It is a quality analysis tool, reads phases of the software development lifecycle such as software code and other design specifications as during the design phase. The National Institute of well as documentation and performs a number of Standards and Technology stated that eliminating quality analyses. vulnerabilities in the design stage can cost 30 times less than fixing them at a later stage. One of the Semmle: Semmle is basically java testing tool used earliest studies in this area was the development of to enforce coding conventions by finding software security design principles, these principles programming bug patterns, to compute software are intended as guidance to help develop secure metrics. All these tasks can be formulated as queries systems, mainly operating systems, and are not in an object-oriented query language named QL. capable of quantifying the security levels of designs. Thus, there is a need for security metrics which OOMeter: This tool is useful for measuring each objectively measure the security of a given program artifacts produced during software development life directly from its design artifacts. [6] Study cycle, like requirements, specification, design conducted by B. Alshammari et al. [3] defined model, source code, test specification. different security metrics to identify secure design Table I shows different existing tools with the among different design which are obtained after different coupling metrics .There are design level refactoring. tools as well as code level tools. Table I – Supported metrics in Existing Available III. EXISTING TOOLS AND COMPARATIVE Tools STUDY Tools Metrics Following are the existing tools which C W N R C D D measures quality of software based on defined B M O F O I A metrics. Some of them can be applied at design level O C C C F T C and some are at code level.[13] Classycle --- --- --- --- --- Y --- Classycle:It analyses static class and package dependencies in java. It overcome limitation of JDepend --- --- Y --- --- Y --- JDepend i.e. it finds cyclic dependencies between ES2 Y Y Y --- --- --- --- classes and packages Semmle --- --- Y Y --- Y --- JDepend: JDepend automatically measures quality OOMeter Y --- Y --- --- Y --- of design by managing package dependency. It VizzAnaly Y Y Y Y --- Y --- examines design and checks weather design shows zer specified quality or not during refactoring. But it has CKJ Y Y Y Y --- Y --- some limitations like Cyclic dependency detection, does not collect source code complexity metrics and IV. COUPLING AND SOFTWARE SECURITY it can’t differs Java interfaces and Java abstract Coupling is the interaction between classes. different software components. It is an internal software property whereas security is external. But JHAWK: It is a stand-alone, Eclipse many studies have been shown that coupling is Plugin, command line version It useful to measure closely associated with the Security of software. The parameters like Cyclometric Complexity,NOP by reason behind this is when information passed computing loops and iterations existing in a among different components there is more program. Its disadvantage is Halstead metrics are not probabilities that it is exposed. It makes sense to used for measuring the program. Limitation of this assume that coupling is important factor that affects tool is it accepts only java code. security of software. Thus, proposed system aims to 1575 | P a g e
  • 3. Prof. D.M.Thakore, Torana N.Kamble / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 5, September- October 2012, pp.1574-1577 develop tool which device security metrics by taking V. SYSTEM DESCRIPTION into consideration this association. From above study it is clear that there are different tools to measure the quality of software at Supported Coupling Metrics:- design level as well as code level. Each tool includes Here are some of the coupling metrics that can be different set of metrics to measure different quality devised in proposed system[6]- attributes. When user uses any tool at design level to 1. RFC (Response for a Class) is the number validate the design with the help of included set of of the methods that can potentially be metrics then there is need to assess the implemented invoked in response to a public message code with same set of metrics. received by an object of a particular class. Proposed tool facilitate user to measure If the number of methods that can be security by applying tool at design level as well as invoked from a class is high, it is more code with same set of metrics. In this it concerns difficult and highly coupled to some only one feature of object oriented design which is methods. highly associated with the security i.e. coupling. 2. WMC (Weighted Methods per Class) is Proposed system is involves three modules, which defined as the weighted sum of all class’s works in sequential manner. methods. It is a measure for the complexity First module accepts UML diagram as a of classes. More complex classes are more input and applies Genetic algorithm on it. Here GA error-prone, harder to analyze and test. It is is used to obtain more than one design which fulfills expected that complex classes have higher different levels of fitness function. These alternate change rates because of bug fixing and designs are of three levels of security i.e. High refactoring activities. secure, medium secure, low secure. 3 CBO (Coupling Between Object Classes) is the number of classes that a class is coupled to. It is calculated by counting other classes Secure Secure Design UML design whose attributes or methods are used by the Genetic level design given classes plus those that use the diagram Algo metric attributes or methods of the given class.If a s Metrics class is highly coupled with other classes, result changes in other classes can also cause changes in that class. Module-1 4 (DIT) Depth of Inheritance Tree: the maximum depth of the class in the GA is a search in which successor states inheritance tree. It measures the number of are generated from two parent states. It starts with potential ancestor classes that can affect a randomly generated population. It evolves through class, i.e., it measures inter-class coupling three phases selection, crossover and mutation. due to inheritance. Finally best solution is chosen based on the 5 (NOC) Number Of Children: the number of optimization criteria. Each state is assessed by immediate sub-classes of a class or the fitness function. Then different Security related count of derived classes. If class class A coupling metrics are applied on all levels of secure inherits class classB, then class B is the design and stores result. base class and class A is the derived class. In second module code is implemented for In other words, class A is the children of highly secure or medium or low secure design .Then class class B, and class B is the parent of this implemented code get evaluated based on the class class B. NOC measures inheritance security related same coupling metrics. Means it complexity. checks coupling aspect at code level to provide 6 COF(Coupling factor):Coupling factor security. measures the actual coupling among classes .Maximum coupling accursed when all classes are coupled with each other. But Code level maximum coupling leads to complexity Secure Metrics Coupling design from result which is in tern leads to need of security. Module-1 Metrics 7 DAC(Data Abstraction Coupling): This metric measures the number of instantiations of other classes within the given class. It is not caused due to inheritance or the object oriented paradigm. Module - 2 The higher the DAC, the more complex the data structure (classes) of the system 1576 | P a g e
  • 4. Prof. D.M.Thakore, Torana N.Kamble / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 5, September- October 2012, pp.1574-1577 Third module is nothing but the validation of all [4] I. Chowdhury, B. Chan, and M. designs. It compares metrics results computed at Zulkernine, “Security metrics for design level and code level to generate the graph. sourcecode structures,” in Proceedings of the Fourth International Workshop onSoftware Engineering for Secure Systems, (Leipzig, Germany), ACM, 2008.. [5] Smriti Jain, “A Review of Security Metrics in Software Development Process” et al / (IJCSIT) International Journal of Computer Science and Information Technologies, 2011. [6] IstehadChowdhury, Mohammad Zulkernine VI. CONCLUSION “Can Complexity, Coupling, and Cohesion Existing software metric tools interpret and Metrics be Used as Early Indicators of implement the definitions of object-oriented Vulnerabilities?” ACM 2010. software metrics differently. This provides results [7] S. Chidamber and C. Kemerer, “A metrics based on tool-dependent metrics and has even suite for object oriented design,” IEEE allegations on the results of analyses based on these Transactions on Software Engineering, vol. metrics results. In short, the metrics based 20, pp. 476–493, 1994., assessment of a software system and measures taken [8] M. Fowler, Refactoring: Improving The to improve its design differ considerably from tool Design of Existing Code. Reading, MA: to tool. So the limitation is all tools are platform Addison-Wesley, 1999 dependent. There are separate tools for dynamic [9] Payal Khurana&Puneet Jai Kaur metrics, static metrics and for reverse engineering. DYNAMIC METRICS AT DESIGN LEVEL But the proposed system develops a tool which ,International Journal of Information applies dynamic as well as static metrics on design Technology and Knowledge Management by considering coupling of classes and objects. And July-December 2009, Volume 2, No. 2, pp. also applies reverse engineering to validate the 449-454 design. Again in proposed tool uses genetic [10] AmjanShaik,C. R. K. Reddy, BalaManda, algorithm for alternate designs. Benefit to use this Prakashini. C, Deepthi. K, “An Empirical algorithm is it is easy to understand and multi object Validation of Object Oriented Design optimizer. Metrics in Object Oriented Systems” There is lot of scope in future work as the Journal of Emerging Trends in Engineering dynamic metrics are related with the behaviour of and Applied Sciences (JETEAS) ,(ISSN: the program, they have advantage of more precise, 2141-7016). but difficult to implement compare to static one .So [11] John Lloyd1 and Jan Jürjens2,„Security there is clear opportunity for researcher to work in Analysis of a Biometric Authentication hybrid approach where dynamic results can be System „Using UMLsec and JML*, A. augmented by static information for collection of Schürr and B. Selic (Eds.): MODELS 2009, metrics data. LNCS 5795, pp. 77–91, 2009.,© Springer- Verlag Berlin Heidelberg 2009 REFERENCES [12] M. Y. Liu and I. Traore, “Empirical [1] J. Bansiya and C. G. Davis, “A relation between coupling and attackability hierarchical model for object-oriented in software systems: a case study on DOS,” design quality assessment,” IEEE in Proceedings of the 2006 Workshop on Transactions on Software Engineering, vol. Programming Languages and Analysis for 28, pp. 4–17, 2002 .. Security Ottawa. Ontario, Canada: ACM, [2] P K. Manadhata, K. M. C. Tan, R. A. 2006, pp. 57–64 Maxion, and J. M. Wing, “An approach to [13] Rüdiger Lincke, Jonas Lundberg and Welf measuring a system‟s attack surface,” Löwe,“Comparing Software Metric Tools”, Tech. Rep. CMU-CS- 07-146, Carnegie 2008 ACM 978-1-59593-904-3/08/07. Mellon University, Pittsburgh, PA, August 2007. [3] B. Alshammari, C. J. Fidge, and D. Corney, “Security metrics for object-oriented class designs,” in Proceedings of the Ninth International Conference on Quality Software (QSIC 2009), (Jeju, Korea), pp. 11–20, IEEE, 2009 1577 | P a g e