Analyzing the Risk of Authenticity Violation Based on the Structural and Functional Sizes of UML Sequence Diagrams

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10158)

Abstract

Paying attention to authenticity, as a security requirement, in the early phases of the software life-cycle (such as requirements and/or design) can save project cost, time, and effort. However, in the ISO 25010 quality model, which describes quality sub-characteristics, authenticity measures are not explicitly described, nor are they documented in sufficient detail. This paper proposes a clear and precise way of measuring the “authenticity” sub-characteristic based on structural and functional size measurements. This combination can be used to identify the risk of authenticity violation in the design phase. An example of Facebook Web User Authentication is used to illustrate our proposed measurement.

Keywords

ISO 25010 quality model; Security; Authenticity measures; Design phase; Structural Size Measurement; Functional Size Measurement


Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Hela Hakim (1)
  • Asma Sellami (1)
  • Hanêne Ben Abddallah (2)
  1. Computer Science Engineering Department, University of Sfax, Sfax, Tunisia
  2. King Abdulaziz University, Jeddah, Kingdom of Saudi Arabia
