North Carolina State University.
Investigating Complexity Metrics as Indicators of Software Vulnerability.
Record type: Bibliographic - language material, printed : Monograph/item
Title/Author: Investigating Complexity Metrics as Indicators of Software Vulnerability.
Author: Shin, Yonghee.
Pagination: 169 p.
Notes: Source: Dissertation Abstracts International, Volume: 72-04, Section: B, page: 2214.
Contained By: Dissertation Abstracts International 72-04B.
Subject: Computer Science.
ISBN: 9781124478333
Abstract: A single exploited software vulnerability can cause severe damage to an organization legally and financially. Early detection of software vulnerabilities can prevent the damage caused by late detection. Security experts claim that complexity is the enemy of security. A complex software system is difficult to understand, maintain, and test by software engineers resulting in errors in code including vulnerabilities. As a result, finding metrics that can measure software complexity and can point toward the code locations that are likely to have vulnerabilities early in the development life cycle is beneficial.
Electronic resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3442705
Thesis (Ph.D.)--North Carolina State University, 2011.
ISBN: 9781124478333
Subjects--Topical Terms: Computer Science.
LDR :04627nam 2200289 4500
001 365273
005 20120516132900.5
008 121018s2011 ||||||||||||||||| ||eng d
020 $a 9781124478333
035 $a (UMI)AAI3442705
035 $a AAI3442705
040 $a UMI $c UMI
100 1 $a Shin, Yonghee. $3 475294
245 1 0 $a Investigating Complexity Metrics as Indicators of Software Vulnerability.
300 $a 169 p.
500 $a Source: Dissertation Abstracts International, Volume: 72-04, Section: B, page: 2214.
500 $a Advisers: Laurie Williams; Mladen Vouk.
502 $a Thesis (Ph.D.)--North Carolina State University, 2011.
520 $a The goal of this research is to investigate complexity metrics that can indicate vulnerable code locations to improve the efficiency of security inspection and testing. For this purpose, this research conducts empirical evaluation of four types of complexity metrics: code complexity; OO design complexity; dependency network complexity; and execution complexity metrics as indicators of vulnerability. The evaluation is performed on four widely used open source projects by testing whether complexity metrics can discriminate vulnerable and neutral code locations and whether the prediction models built using those complexity metrics can predict vulnerable code locations. While complexity metrics have long been used for fault prediction, faults have different distributions from vulnerabilities. Therefore, this research additionally compares the ability of traditional fault prediction models and vulnerability prediction models to see whether traditional fault prediction models can also effectively predict vulnerabilities. Finally, software metrics that quantify code change history and developer collaboration history have been effective for fault prediction. Therefore, this research compares the ability of complexity metrics and other types of metrics obtained from development history as indicators of vulnerabilities. This research improves our understanding on the relationship between software complexity and vulnerability, contributing to the body of empirical knowledge as follows:
• This research provides empirical evidence that complexity metrics can indicate vulnerable code locations.
• This research provides empirical evidence that vulnerable code is more complex, has large and frequent changes, and has more past faults than faulty code.
• This research provides empirical evidence that fault prediction models that are trained to predict faults can predict vulnerabilities at the similar prediction performance to the vulnerability prediction models that are trained to predict vulnerabilities despite the difference in the distribution of faults and vulnerabilities.
• This research provides empirical evidence that code execution frequency and duration based on software usage patterns by a normal user can indicate vulnerable code locations.
• This research provides empirical evidence that process metrics are better indicators of vulnerabilities than complexity metrics when process metrics are available.
• This research defines and uses simple and useful measures of code inspection cost and code inspection reduction efficiency obtained from a prediction model.
• This research demonstrates that automated text classification is feasible and useful to classify bug reports for faults and enhancements.
• This research reveals that a careful analysis of the relationship between faults/vulnerabilities and software metrics is required because the analysis results largely depend on the distribution of faults/vulnerabilities and the distribution of faults/vulnerabilities is specific to each project.
590 $a School code: 0155.
650 4 $a Computer Science. $3 423143
690 $a 0984
710 2 $a North Carolina State University. $3 423031
773 0 $t Dissertation Abstracts International $g 72-04B.
790 1 0 $a Williams, Laurie, $e advisor
790 1 0 $a Vouk, Mladen, $e advisor
790 $a 0155
791 $a Ph.D.
792 $a 2011
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3442705