Estimating the Cost of Security for COTS Software
This paper describes enhancements being made to the University of Southern California’s COnstructive COTS (COCOTS) integration cost model to address security concerns. The paper starts by summarizing the actions we have taken to enhance COCOMO II to model the impact of security on development effort and duration. It then relates the COCOMO II approach to the COCOTS estimating framework so that the enhancements proposed can be incorporated into the COCOTS model. After summarizing the team’s progress in developing counterpart COCOTS security cost drivers and expert-consensus cost driver parameter values, the paper points to the steps that will be taken to validate the findings and calibrate the model.
KeywordsIntrusion Detection System Cost Driver Trojan Horse Security Control Covert Channel
Unable to display preview. Download preview PDF.
- 1.Committee on Information Systems Trustworthiness, Trust in Cyberspace. National Academy Press (1999)Google Scholar
- 2.Lindqvist, U., and Jonsson, E.: A Map of Security Risks Associated with Using COTS. In: IEEE Computer, June (1998) 60–66.Google Scholar
- 3.Abts, C., Boehm, B., and Clark, E. B.: COCOTS: A Software COTS-Based System (CBS) Cost Model-Evolving Towards Maintenance Phase Modeling. In: Proceedings of ESCOM (2001)Google Scholar
- 4.Boehm, B. W., Abts, C., Brown, A. W., Chulani, S., Clark, B. K., Horowitz, E., Madachy, R., Reifer, D., and Steece, B.: Software Cost Estimation with COCOMO II. Prentice-Hall (2000)Google Scholar
- 5.Abts, C., Boehm, B., and Clark, E. B.: COCOTS: A COTS Software Integration and Cost Model-Model Overview and Preliminary Data Findings. In: Proceedings of ESCOM (2000)Google Scholar
- 6.Luhn, R., and Spanbauer, S.: Protect Your PC. In: PC World, July (2002) page 92Google Scholar
- 7.Mackey, R: Layered Insecurity. Information Security, June (2002) 61–68.Google Scholar
- 8.Reifer, D. J.: Security: A Rating Concept for COCOMO II. Center for Software Engineering, University of Southern California, May (2002)Google Scholar
- 9.Allen, J. H.: The CERT Guide to System and Network Security Practices. Addison-Wesley (2001)Google Scholar