Assessing and improving the quality of security methodologies for distributed systems
Date
2018
Authors
Uzunov, A.
Fernandez, E.
Falkner, K.
Editors
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Journal article
Citation
Journal of Software: Evolution and Process, 2018; 30(11):e1980-1-e1980-56
Statement of Responsibility
Anton V. Uzunov, Eduardo B. Fernandez, Katrina Falkner
Conference Name
DOI
Abstract
Security methodologies represent systematic approaches for introducing security attributes into a system throughout the development lifecycle. While isolated attempts have been made to demonstrate the value of particular security methodologies, the “quality” of security methodologies, as such, has never been given due consideration; indeed, it has never been studied as a self‐standing topic. The literature therefore entirely lacks supportive artifacts that can provide a basis for assessing, and hence for improving, a security methodology's quality. In this paper, we fill the aforementioned gap by proposing a comprehensive quality framework and accompanying process, within the context of an existing approach to engineering security methodologies, which can be used for both (bottom‐up) quality assessment and (top‐down) quality improvement. The main framework elements can be extended and customized to allow an essentially arbitrary range of methodology features to be considered, thus forming a basis for flexible, fine‐grained quality control. We demonstrate the bottom‐up application of the latter framework and process on three real‐life security methodologies for distributed systems, taken as case studies. Based on the assessment results, we subsequently show in detail (for one) and briefly discuss (for the remaining set) how the case study methodologies can be re‐engineered to improve their quality.
School/Discipline
Dissertation Note
Provenance
Description
Access Status
Rights
© 2018 John Wiley & Sons, Ltd.