回首頁 到查詢結果 [ subject:"Computer Science." ]

切換: 標籤 | MARC模式 | ISBD

Investigating Complexity Metrics as ... ~ North Carolina State University.

 

• Investigating Complexity Metrics as Indicators of Software Vulnerability.

• 紀錄類型:	書目-語言資料,印刷品 : Monograph/item
  書名/作者:	Investigating Complexity Metrics as Indicators of Software Vulnerability.
  作者:	Shin, Yonghee.
  面頁冊數:	169 p.
  附註:	Source: Dissertation Abstracts International, Volume: 72-04, Section: B, page: 2214.
  Contained By:	Dissertation Abstracts International72-04B.
  標題:	Computer Science.
  ISBN:	9781124478333
  摘要、提要註:	A single exploited software vulnerability can cause severe damage to an organization legally and financially. Early detection of software vulnerabilities can prevent the damage caused by late detection. Security experts claim that complexity is the enemy of security. A complex software system is difficult to understand, maintain, and test by software engineers resulting in errors in code including vulnerabilities. As a result, finding metrics that can measure software complexity and can point toward the code locations that are likely to have vulnerabilities early in the development life cycle is beneficial.
  電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3442705

• Investigating Complexity Metrics as Indicators of Software Vulnerability.
• Shin, Yonghee.
  
  Investigating Complexity Metrics as Indicators of Software Vulnerability. - 169 p.
  
  Source: Dissertation Abstracts International, Volume: 72-04, Section: B, page: 2214.
  
  Thesis (Ph.D.)--North Carolina State University, 2011.
  
  A single exploited software vulnerability can cause severe damage to an organization legally and financially. Early detection of software vulnerabilities can prevent the damage caused by late detection. Security experts claim that complexity is the enemy of security. A complex software system is difficult to understand, maintain, and test by software engineers resulting in errors in code including vulnerabilities. As a result, finding metrics that can measure software complexity and can point toward the code locations that are likely to have vulnerabilities early in the development life cycle is beneficial.
  
  ISBN: 9781124478333Subjects--Topical Terms:
  
  423143
  Computer Science.
  

• Investigating Complexity Metrics as Indicators of Software Vulnerability.
• LDR:04627nam 2200289 4500 001 365273
  005 20120516132900.5
  008 121018s2011 ||||||||||||||||| ||eng d
  020 $a  9781124478333
  035 $a  (UMI)AAI3442705
  035 $a  AAI3442705
  040 $a  UMI $c  UMI
  100 1 $a  Shin, Yonghee. $3  475294
  245 1 0 $a  Investigating Complexity Metrics as Indicators of Software Vulnerability.
  300 $a  169 p.
  500 $a  Source: Dissertation Abstracts International, Volume: 72-04, Section: B, page: 2214.
  500 $a  Advisers: Laurie Williams; Mladen Vouk.
  502 $a  Thesis (Ph.D.)--North Carolina State University, 2011.
  520 $a  A single exploited software vulnerability can cause severe damage to an organization legally and financially. Early detection of software vulnerabilities can prevent the damage caused by late detection. Security experts claim that complexity is the enemy of security. A complex software system is difficult to understand, maintain, and test by software engineers resulting in errors in code including vulnerabilities. As a result, finding metrics that can measure software complexity and can point toward the code locations that are likely to have vulnerabilities early in the development life cycle is beneficial.
  520 $a  The goal of this research is to investigate complexity metrics that can indicate vulnerable code locations to improve the efficiency of security inspection and testing. For this purpose, this research conducts empirical evaluation of four types of complexity metrics: code complexity; OO design complexity; dependency network complexity; and execution complexity metrics as indicators of vulnerability. The evaluation is performed on four widely used open source projects by testing whether complexity metrics can discriminate vulnerable and neutral code locations and whether the prediction models built using those complexity metrics can predict vulnerable code locations. While complexity metrics have long been used for fault prediction, faults have different distributions from vulnerabilities. Therefore, this research additionally compares the ability of traditional fault prediction models and vulnerability prediction models to see whether traditional fault prediction models can also effectively predict vulnerabilities. Finally, software metrics that quantify code change history and developer collaboration history have been effective for fault prediction. Therefore, this research compares the ability of complexity metrics and other types of metrics obtained from development history as indicators of vulnerabilities. This research improves our understanding on the relationship between software complexity and vulnerability, contributing to the body of empirical knowledge as follows: •This research provides empirical evidence that complexity metrics can indicate vulnerable code locations. •This research provides empirical evidence that vulnerable code is more complex, has large and frequent changes, and has more past faults than faulty code. •This research provides empirical evidence that fault prediction models that are trained to predict faults can predict vulnerabilities at the similar prediction performance to the vulnerability prediction models that are trained to predict vulnerabilities despite the difference in the distribution of faults and vulnerabilities. •This research provides empirical evidence that code execution frequency and duration based on software usage patterns by a normal user can indicate vulnerable code locations. •This research provides empirical evidence that process metrics are better indicators of vulnerabilities than complexity metrics when process metrics are available. •This research defines and uses simple and useful measures of code inspection cost and code inspection reduction efficiency obtained from a prediction model. •This research demonstrates that automated text classification is feasible and useful to classify bug reports for faults and enhancements. •This research reveals that a careful analysis of the relationship between faults/vulnerabilities and software metrics is required because the analysis results largely depend on the distribution of faults/vulnerabilities and the distribution of faults/vulnerabilities is specific to each project.
  590 $a  School code: 0155.
  650 4 $a  Computer Science. $3  423143
  690 $a  0984
  710 2 $a  North Carolina State University. $3  423031
  773 0 $t  Dissertation Abstracts International $g  72-04B.
  790 1 0 $a  Williams, Laurie, $e  advisor
  790 1 0 $a  Vouk, Mladen, $e  advisor
  790 $a  0155
  791 $a  Ph.D.
  792 $a  2011
  856 4 0 $u  http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3442705
  

筆 0 讀者評論

多媒體

多媒體檔案
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3442705

評論

• 新增評論 分享你的心得

2008 傳技資訊 最佳瀏覽使用FireFox或IE7.0以上版本 建議您至http://moztw.org/或http://www.microsoft.com/taiwan/windows/ie/downloads/default.mspx下載 v3.1.1.2