Please use this identifier to cite or link to this item:
https://hdl.handle.net/2440/118704
Type: | Journal article |
Title: | Assessing and improving the quality of security methodologies for distributed systems |
Author: | Uzunov, A.; Fernandez, E.; Falkner, K. |
Citation: | Journal of Software: Evolution and Process, 2018; 30(11):e1980-1-e1980-56 |
Publisher: | Wiley |
Issue Date: | 2018 |
ISSN: | 2047-7473; 2047-7481 |
Statement of Responsibility: | Anton V. Uzunov, Eduardo B. Fernandez, Katrina Falkner |
Abstract: | Security methodologies represent systematic approaches for introducing security attributes into a system throughout the development lifecycle. While isolated attempts have been made to demonstrate the value of particular security methodologies, the “quality” of security methodologies, as such, has never been given due consideration; indeed, it has never been studied as a self‐standing topic. The literature therefore entirely lacks supportive artifacts that can provide a basis for assessing, and hence for improving, a security methodology's quality. In this paper, we fill the aforementioned gap by proposing a comprehensive quality framework and accompanying process, within the context of an existing approach to engineering security methodologies, which can be used for both (bottom‐up) quality assessment and (top‐down) quality improvement. The main framework elements can be extended and customized to allow an essentially arbitrary range of methodology features to be considered, thus forming a basis for flexible, fine‐grained quality control. We demonstrate the bottom‐up application of the latter framework and process on three real‐life security methodologies for distributed systems, taken as case studies. Based on the assessment results, we subsequently show in detail (for one) and briefly discuss (for the remaining set) how the case study methodologies can be re‐engineered to improve their quality. |
Keywords: | Engineering security methodologies; quality assessment; quality framework; quality improvement; security engineering; security methodology quality; security process modeling |
Rights: | © 2018 John Wiley & Sons, Ltd. |
DOI: | 10.1002/smr.1980 |
Published version: | http://dx.doi.org/10.1002/smr.1980 |
Appears in Collections: | Aurora harvest 8; Computer Science publications |
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.