Abstract
Many computer and network security crises arise from the exploitation of software defects and are remedied only by repair. The effect of security-related software defects and their occurrence rates is an important aspect of Quality of Protection (QoP). Existing arguments and evidence suggest that the distribution of occurrence rates of software defects is lognormal and that the first occurrence times of defects follow the Laplace transform of the lognormal. We extend this research to hypothesize that the distribution of occurrence counts of security-related defects follows the Discrete Lognormal. We find that the observed occurrence counts for three sets of defect data relating specifically to network security are consistent with our hypothesis. This paper demonstrates how existing concepts and techniques in software reliability engineering can be applied to study the occurrence phenomenon of security-related defects that impact QoP.
© 2006 Springer Science+Business Media, LLC.
About this paper
Cite this paper
Mullen, R.E., Gokhale, S.S. (2006). A Discrete Lognormal Model for Software Defects Affecting Quality of Protection. In: Gollmann, D., Massacci, F., Yautsiukhin, A. (eds) Quality of Protection. Advances in Information Security, vol 23. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-36584-8_4
DOI: https://doi.org/10.1007/978-0-387-36584-8_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-29016-4
Online ISBN: 978-0-387-36584-8
eBook Packages: Computer Science, Computer Science (R0)