Empirical model for quantification of confidentiality in OO system
Keywords: Bugs, Confidentiality, Coupling, Metrics, Software Security.
Coupling, or aggregation, binds together the different entities or components within a system. An external process that takes, or tries to take, control of the system is assisted in doing so if the underlying system is highly coupled. A highly coupled design degrades the ability of software to defend against exploitation. Thus, from a software developer's point of view, enough security must be provided at design time that no one outside the system is able to access it in an unauthorized way. The aim is to ensure that information leakage is minimal (if not zero, as is desired theoretically). This quantitative research work describes the ability of object-oriented coupling metrics to predict faulty classes. The paper has two major sections. One covers the ability of a multi-layer neuron perceptron model to predict faulty classes; in the other, we propose and validate a statistical model for confidentiality, using a data set from different releases of the Apache Velocity project, so as to quantify the effects of coupling on the confidentiality of the system.