FOCSE: An OWA-based Evaluation Framework for OS Adoption in Critical Environments

  • Claudio Agostino Ardagna
  • Ernesto Damiani
  • Fulvio Frati
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 234)

Abstract

While the vast majority of European and US companies increasingly use open source software for non-key applications, a much smaller number of companies have deployed it in critical areas such as security and access control. This is partly due to residual difficulties in performing and documenting the selection process for open source solutions. In this paper we describe the FOCSE metrics framework, which supports a selection process specific to security-related open source code. FOCSE is based on a set of general-purpose metrics suitable for evaluating open source frameworks in general; however, it also includes specific metrics expressing a security solution's capability to respond to continuous change in threats. We show FOCSE at work in two use cases involving the selection of two different types of security-related open source solutions, i.e. Single Sign-On and Secure Shell applications.
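As an added illustration that is not part of the paper, the following Python code shows the aggregation step an OWA-based framework such as FOCSE relies on: per-metric scores for each candidate tool are combined with Yager's ordered weighted averaging operator, and the weight vector (derived here from a quantifier exponent alpha) controls whether the evaluation behaves like a mean, a strict "all metrics must be good" test, or a lenient "at least one strength" test. The metric names, scores, candidate names and weights are constructed for this example.

```python
"""Added example (not the paper's own code): aggregate per-metric scores for
candidate open source security tools with Yager's OWA operator.
Metric names, scores, candidate names and weights are constructed."""
from typing import Sequence


def owa(scores: Sequence[float], weights: Sequence[float]) -> float:
    """Ordered weighted average: sort scores descending, then weight by rank."""
    if len(scores) != len(weights):
        raise ValueError("one weight per score is required")
    if abs(sum(weights) - 1.0) > 1e-9 or any(w < 0 for w in weights):
        raise ValueError("weights must be non-negative and sum to 1")
    ordered = sorted(scores, reverse=True)
    return sum(w * s for w, s in zip(weights, ordered))


def quantifier_weights(n: int, alpha: float) -> list[float]:
    """Weights from the RIM quantifier Q(r) = r**alpha.
    alpha == 1 gives the plain mean; alpha > 1 is 'and-like' (weight on the
    weakest metrics); alpha < 1 is 'or-like' (weight on the strongest)."""
    return [(i / n) ** alpha - ((i - 1) / n) ** alpha for i in range(1, n + 1)]


def orness(weights: Sequence[float]) -> float:
    """Yager's orness measure: 1.0 = max, 0.0 = min, 0.5 = arithmetic mean."""
    n = len(weights)
    return sum((n - i) * w for i, w in enumerate(weights, start=1)) / (n - 1)


# Constructed 0..1 scores on five metrics (e.g. community activity, release
# frequency, documentation, vulnerability response time, code maturity).
# Tool A has one very weak metric; tool B is uniformly average.
CANDIDATES = {
    "sso-tool-A": [0.9, 0.8, 0.6, 0.3, 0.7],
    "sso-tool-B": [0.7, 0.7, 0.7, 0.7, 0.6],
}


def rank_candidates(alpha: float) -> list[tuple[str, float]]:
    """Rank candidates by OWA score under a given quantifier exponent."""
    n = len(next(iter(CANDIDATES.values())))
    w = quantifier_weights(n, alpha)
    scored = [(name, round(owa(s, w), 4)) for name, s in CANDIDATES.items()]
    return sorted(scored, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    for alpha in (0.5, 1.0, 3.0):
        print(alpha, round(orness(quantifier_weights(5, alpha)), 3),
              rank_candidates(alpha))
```

The or-like weighting (alpha = 0.5) ranks tool A first on the strength of its best metrics, while the mean and the and-like weighting (alpha = 3) prefer tool B because A's weak vulnerability-response score drags it down; choosing alpha is therefore a policy decision the evaluator must document.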

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Claudio Agostino Ardagna (1)
  • Ernesto Damiani (1)
  • Fulvio Frati (1)
  1. University of Milan, Crema (CR), Italy