Towards an Approach for Security Risk Analysis in COTS Based Development

Wu, Dan; Yang, Ye

doi:10.1007/11754305_14

Dan Wu²⁰ &
Ye Yang²⁰

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 3966))

Included in the following conference series:

Software Process Workshop

807 Accesses
2 Citations

Abstract

More and more companies tend to use secure products as COTS to develop their secure systems due to resource limitations. The security concerns add more complexity as well as potential risks to COTS selection process, and it is always a great challenge for developers to make the selection decisions. In this paper, we provide a method for security risk analysis in COTS based development (CBD) based on Common Criteria and our previous work in identifying general risk items for CBD. The research result provides useful insights for developers in identifying security risks, so that it can be used to aid for the COTS selection decision.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Devanbu, P., Stubblebine, S.: Software Engineering for Security: a Roadmap. In: The Future of Software Engineering. Special volume of the proceedings of the 22nd International Conference on Software Engieering – ICSE 2000 (June 2000)
Google Scholar
Kontio, J.: A Case Study in Applying a Systematic Method for COTS Selection. In: Proceedings of the 18th international conference on Software engineering, Berlin, Germany (May 1996)
Google Scholar
Brownsword, L., Oberndorf, T., Sledge, C.: Developing New Processes for COTS-Based Systems. IEEE Software (July/August 2000)
Google Scholar
Lindqvist, U., Jonsson, E.: A Map of Security Risks Associated with Using COTS. In Computer 31(6), 60–66 (1998)
Article Google Scholar
Common Criteria for Evaluation Criteria for IT Security V2.1. ISO/IEC 15408, National Institute of Standards and Technology (1999)
Google Scholar
Yang, Y., Boehm, B., Wu, D.: COCOTS Risk Analyzer. In: ICCBSS 2006, Orlando, USA (February 2006) (accepted)
Google Scholar
http://niap.nist.gov/cc-scheme/vpl/vpl_type.html
Colbert, E., Wu, D., Chen, Y., Boehm, B.: “Costing Secure Systems”. In: 18th International Forum on COCOMO and Software Cost Modeling, Los Angeles (October 2003)
Google Scholar

Download references

Author information

Authors and Affiliations

Center for Software Engineering, University of Southern California, 941 W. 37th Place, SAL Room 328, Los Angeles, CA, 90089-0781, USA
Dan Wu & Ye Yang

Authors

Dan Wu
View author publications
You can also search for this author in PubMed Google Scholar
Ye Yang
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Massey University, New Zealand
Qing Wang
Department of Informatics, University of Oslo, Norway
Dietmar Pfahl
Portland State University, 631 SW Harrison St., Portland, OR, USA
David M. Raffo
School of Computer Science, University of Hertfordshire, College Lane, AL10 9AB, Hatfield, Herts, UK
Paul Wernick

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Wu, D., Yang, Y. (2006). Towards an Approach for Security Risk Analysis in COTS Based Development. In: Wang, Q., Pfahl, D., Raffo, D.M., Wernick, P. (eds) Software Process Change. SPW 2006. Lecture Notes in Computer Science, vol 3966. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11754305_14

Download citation

DOI: https://doi.org/10.1007/11754305_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34199-4
Online ISBN: 978-3-540-34201-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics