乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,8,3]],"date-time":"2024-08-03T20:20:22Z","timestamp":1722716422414},"reference-count":51,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2011,11,30]],"date-time":"2011-11-30T00:00:00Z","timestamp":1322611200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Software Qual J"],"published-print":{"date-parts":[[2013,3]]},"DOI":"10.1007\/s11219-011-9169-0","type":"journal-article","created":{"date-parts":[[2011,11,30]],"date-time":"2011-11-30T19:54:22Z","timestamp":1322682862000},"page":"67-97","source":"Crossref","is-referenced-by-count":16,"title":["Taxonomy of quality metrics for assessing assurance of security correctness"],"prefix":"10.1007","volume":"21","author":[{"given":"Moussa","family":"Ouedraogo","sequence":"first","affiliation":[]},{"given":"Reijo M.","family":"Savola","sequence":"additional","affiliation":[]},{"given":"Haralambos","family":"Mouratidis","sequence":"additional","affiliation":[]},{"given":"David","family":"Preston","sequence":"additional","affiliation":[]},{"given":"Djamel","family":"Khadraoui","sequence":"additional","affiliation":[]},{"given":"Eric","family":"Dubois","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2011,11,30]]},"reference":[{"issue":"3","key":"9169_CR1","doi-asserted-by":"crossref","first-page":"579","DOI":"10.1007\/s11219-010-9127-2","volume":"19","author":"E Bagheri","year":"2010","unstructured":"Bagheri, E., & Gasevic, D. (2010). Assessing the maintainability of software product line feature models using structural metrics. Software Quality Journal, 19(3), 579\u2013612.","journal-title":"Software Quality Journal"},{"issue":"4","key":"9169_CR2","doi-asserted-by":"crossref","first-page":"96","DOI":"10.1109\/MSP.2006.101","volume":"4","author":"SM Bellovin","year":"2006","unstructured":"Bellovin, S. M. (2006). On the brittleness of software and the infeasibility of security metrics. IEEE Security &Privacy, 4(4), 96.","journal-title":"IEEE Security &Privacy"},{"key":"9169_CR3","unstructured":"Bodeau, D. (2001). Information assurance assessment: Lessons-learned and challenges. In Proceedings of WISSRR 2001, Williamsburg, VA."},{"key":"9169_CR4","unstructured":"Bulut, E., Khadraoui, D., & Marquet, B. (2007). Multi-agent based security assurance monitoring system for telecommunication infrastructures. In Proceedings of the communication, network, and information security conference, Berkeley, California. Anaheim, CA, USA: ACTA Press."},{"key":"9169_CR5","unstructured":"Chaula, J. A., Yngstr\u00f6m, L., & Kowalski, S. (2005). Security metrics and evaluation of information systems security. In Proceedings of the 4th annual conference on information security for South Africa (pp. 1\u201311). Pretoria, South Africa: ISSA."},{"issue":"5","key":"9169_CR6","doi-asserted-by":"crossref","first-page":"499","DOI":"10.1007\/s10664-008-9072-x","volume":"13","author":"NE Fenton","year":"2008","unstructured":"Fenton, N. E., Neil, M., Marsh, W., Hearty, P., Radlinski, L., & Krause, P. (2008). On the effectiveness of early life cycle defect prediction with Bayesian Nets. Empirical Software Engineering, 13(5), 499\u2013537.","journal-title":"Empirical Software Engineering"},{"key":"9169_CR7","volume-title":"Software metrics: A rigorous and practical approach","author":"N Fenton","year":"1998","unstructured":"Fenton, N., & Pfleeger, S. L. (1998). Software metrics: A rigorous and practical approach (2nd ed.). Boston: PWS Publishing.","edition":"2"},{"key":"9169_CR8","unstructured":"Fong, E., Kass, M., Rhodes, T., & Boland, F. (2010). Structured assurance case methodology for assessing software trustworthiness. In Proceedings of the 2010 fourth international conference on secure software integration and reliability improvement companion (pp. 32\u201333). Singapore: IEEE Computer Society."},{"issue":"4","key":"9169_CR9","doi-asserted-by":"crossref","first-page":"176","DOI":"10.1016\/j.istr.2010.04.002","volume":"14","author":"SM Furnell","year":"2009","unstructured":"Furnell, S. M. (2009). The irreversible march of technology. Information Security Technical Report, 14(4), 176\u2013180.","journal-title":"Information Security Technical Report"},{"key":"9169_CR10","unstructured":"Goertzel, K. M., Winograd, T., McKinley, H. L., Oh, L. J., Colon, M., McGibbon, T., et al. (2007). Software security assurance: State of the art report. Available at: http:\/\/iac.dtic.mil\/iatac\/download\/security.pdf . Accessed 10 May 2011."},{"key":"9169_CR11","unstructured":"Goodenough, J., Lipson, H., & Weinstock, C. (2008). Arguing security-creating security assurance cases. Available at https:\/\/buildsecurityin.us-cert.gov\/bsi\/articles\/knowledge\/assurance\/643-BSI.html . Accessed 7 March 2011."},{"issue":"8","key":"9169_CR12","doi-asserted-by":"crossref","first-page":"1327","DOI":"10.1016\/j.jss.2007.11.716","volume":"81","author":"L Grunske","year":"2008","unstructured":"Grunske, L., & Joyce, D. (2008). Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles. Journal of Systems and Software, 81(8), 1327\u20131345.","journal-title":"Journal of Systems and Software"},{"key":"9169_CR13","unstructured":"Hecker, A., & Riguidel, M. (2009). On the operational security assurance evaluation of networked IT systems. In Proceedings of the 9th international conference on smart spaces and next generation wired\/wireless networking and second conference on smart spaces. Lecture Notes in Computer Science (Vol. 5764, pp. 266\u2013278). Berlin, Heidelberg: Springer."},{"key":"9169_CR14","unstructured":"Hunter, R., & Out, D. J. (2005). Low assurance protection profile for a software based personal firewall for home internet use BSI-PP-0014. Available at: https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Zertifizierung\/ReportePP\/PP0014b_pdf.pdf?__blob=publicationFile . Accessed 15 March 2011."},{"key":"9169_CR15","volume-title":"Common criteria for information technology, part 1\u20133, version 3.1","author":"ISO\/IEC 15048","year":"2006","unstructured":"ISO\/IEC 15408. (2006a). Common criteria for information technology, part 1\u20133, version 3.1. Geneva, Switzerland: International Organisation for Standardization and the International Electro-technical Commission."},{"key":"9169_CR16","volume-title":"Information technology process assessment part 4: Guidance on use for process improvement and process capability determination","author":"ISO\/IEC 15504\u20135","year":"2006","unstructured":"ISO\/IEC 15504\u20135. (2006b). Information technology process assessment part 4: Guidance on use for process improvement and process capability determination. Geneva, Switzerland: International Organisation for Standardization and the International Electro-technical Commission."},{"key":"9169_CR17","volume-title":"Systems and software engineering\u2014Measurement process","author":"ISO\/IEC 15939","year":"2007","unstructured":"ISO\/IEC 15939. (2007). Systems and software engineering\u2014Measurement process. Geneva, Switzerland: International Organisation for Standardization and the International Electro-technical Commission."},{"key":"9169_CR18","volume-title":"Information technology\u2014systems security engineering\u2014capability maturity model (SSE-CMM)","author":"ISO\/IEC 21827","year":"2008","unstructured":"ISO\/IEC 21827. (2008). Information technology\u2014systems security engineering\u2014capability maturity model (SSE-CMM). Geneva, Switzerland: International Organisation for Standardization and the International Electro-technical Commission."},{"key":"9169_CR19","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.IR.7564","volume-title":"Directions in security metrics research","author":"W Jansen","year":"2009","unstructured":"Jansen, W. (2009). Directions in security metrics research. Gaithersburg, MD: National Institute of Standards and Technology Special publication# NISTIR 7564, NIST."},{"key":"9169_CR20","unstructured":"Jelen, G. F, & Williams, J. R. (1998). A practical approach to measuring assurance. In Proceedings of the 14th annual computer security applications conference (ACSAC 98) (pp. 333\u2013343). Phoenix, AZ: IEEE Xplore."},{"key":"9169_CR21","unstructured":"Julisch, K. (2008). Security compliance: The next frontier in security research. In Proceedings of the New Security Paradigms Workshop (pp. 71\u201374). New York: ACM."},{"key":"9169_CR22","volume-title":"Secure systems development with UML","author":"J J\u00fcrjens","year":"2005","unstructured":"J\u00fcrjens, J. (2005). Secure systems development with UML. Berlin: Springer."},{"issue":"12","key":"9169_CR23","doi-asserted-by":"crossref","first-page":"929","DOI":"10.1109\/32.489070","volume":"21","author":"B Kitchenham","year":"1995","unstructured":"Kitchenham, B., Pfleeger, S., & Fenton, N. (1995). Towards a framework for software measurement validation. IEEE Transactions on Software Engineering, 21(12), 929\u2013944.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9169_CR24","volume-title":"Hack I.T.\u2014security through penetration testing","author":"TJ Klevinsky","year":"2002","unstructured":"Klevinsky, T. J., Laliberte, S. A., & Gupta, A. (2002). Hack I.T.\u2014security through penetration testing. Boston, Massachusetts, USA: Addison-Wesley."},{"key":"9169_CR25","unstructured":"Lee, J., Lee, J., Lee, S., & Choi, B. (2003). A CC-based security engineering process evaluation model. In Proceedings of the 27th annual international computer software and applications conference (COMPSAC\u201903) (pp. 130\u2013135). Dallas: IEEE Xplore."},{"issue":"4","key":"9169_CR26","doi-asserted-by":"crossref","first-page":"437","DOI":"10.1109\/TSE.1982.235579","volume":"8","author":"M Lipow","year":"1982","unstructured":"Lipow, M. (1982). Number of faults per line of code. IEEE Transactions on Software Engineering, 8(4), 437\u2013439.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"9169_CR27","unstructured":"Manadhata, P. K., & Wing, J. M. (2010). An attack surface metric. IEEE Transactions on Software Engineering, (99)."},{"key":"9169_CR28","unstructured":"Marquet, B., Dubus, S., & Blad, C. (2010). Security assurance profile for large and heterogeneous telecom and IT infrastructures. In Proceedings of the 7th international symposium on risk management and cyber-informatics (RMCI\u201910), Orlando, Florida, USA. http:\/\/www.iiis.org\/CDs2010\/CD2010SCI\/RMCI_2010\/PapersPdf\/RA432SS.pdf . Accessed 15 March 2011."},{"key":"9169_CR29","unstructured":"Liang T., & Ming-Tian, Z. (2006). A new evaluation strategy based on combining CC and SSE-CMM for security systems and products. In Proceedings of 5th international conference on grid and cooperative computing (GCC\u201906) (pp. 395\u2013403). Washington, DC: IEEE Computer Society."},{"issue":"2","key":"9169_CR30","doi-asserted-by":"crossref","first-page":"285","DOI":"10.1142\/S0218194007003240","volume":"17","author":"H Mouratidis","year":"2007","unstructured":"Mouratidis, H., & Giorgini, P. (2007). Secure Tropos: A security-oriented extension of the Tropos methodology. International Journal of Software Engineering and Knowledge Engineering, 17(2), 285\u2013309.","journal-title":"International Journal of Software Engineering and Knowledge Engineering"},{"key":"9169_CR31","unstructured":"NASA. (2004). Software assurance standard, NASA technical standard, NASA-STD-8739.8 w\/Change 1, National Aeronautics and Space Administration. Available at: http:\/\/www.hq.nasa.gov\/office\/codeq\/doctree\/87398.pdf . Accessed 15 March 2011."},{"key":"9169_CR32","unstructured":"Ouedraogo, M. (2011) Valuation and reporting of security assurance at operational systems level. PhD thesis, University of East London, England, UK."},{"key":"9169_CR33","doi-asserted-by":"crossref","unstructured":"Ouedraogo, M., Khadraoui, D., Mouratidis, H., & Dubois, E. (2011). Appraisal and reporting of security assurance at operational systems level. Journal of Software and Systems. doi: 10.1016\/j.jss.2011.08.013 .","DOI":"10.1016\/j.jss.2011.08.013"},{"issue":"7","key":"9169_CR34","doi-asserted-by":"crossref","first-page":"770","DOI":"10.1016\/j.cose.2010.03.004","volume":"29","author":"JA Pavlich-Mariscal","year":"2010","unstructured":"Pavlich-Mariscal, J. A., Demurjian, S. A., & Michel, L. D. (2010). A framework for security assurance of access control enforcement code. Computers & Security, 29(7), 770\u2013784.","journal-title":"Computers & Security"},{"key":"9169_CR35","unstructured":"Payne, S. C. (2006). A guide to security metrics. SANS Institute InfoSec Reading Room. http:\/\/www.sans.org\/reading_room\/whitepapers\/auditing\/guide-security-metrics_55 . Accessed 15 March 2011."},{"key":"9169_CR36","unstructured":"Pham, N., Baud, L., Bellot, P., & Riguidel, M. (2008). A near real-time system for security assurance assessment. In Proceedings of the 3rd international conference on internet monitoring and protection (pp. 152\u2013160). Bucharest, Romania: IEEE Computer Society."},{"issue":"3","key":"9169_CR37","doi-asserted-by":"crossref","first-page":"209","DOI":"10.6028\/jres.115.013","volume":"115","author":"T Rhodes","year":"2010","unstructured":"Rhodes, T., Boland, F., Fong, E., & Kass, M. (2010). Software assurance using structured assurance case models. Journal of Research of the National Institute of Standard and Technology, 115(3), 209\u2013216.","journal-title":"Journal of Research of the National Institute of Standard and Technology"},{"key":"9169_CR38","unstructured":"Savola, R. M. (2007). Towards a taxonomy for information security metrics. In Proceedings of ACM workshop on quality of protection QOP\u201907 (pp. 28\u201330). New York: ACM."},{"issue":"1","key":"9169_CR39","first-page":"230","volume":"10","author":"RM Savola","year":"2010","unstructured":"Savola, R. M. (2010). On the feasibility of utilizing security metrics in software-intensive systems. International Journal of Computer Science and Network Security, 10(1), 230\u2013239.","journal-title":"International Journal of Computer Science and Network Security"},{"key":"9169_CR40","unstructured":"Seddigh, N., Pieda, P., Matrawy, A., Nandy, B., Lambadaris, L. & Hatfield, A. (2004). Current trends and advances in information assurance metrics. In Proceedings of second annual conference on privacy, security and trust (PST\u201904) (pp. 197\u2013205). Fredericton, Canada."},{"key":"9169_CR41","unstructured":"Sheyner, O. M. (2004). Scenario graphs and attack graphs. PhD thesis, School of Computer Science Carnegie Mellon University."},{"key":"9169_CR42","unstructured":"Skroch, M. J., McHugh, J., & Wiliams, J. M. (2000). Information assurance metrics: Prophecy, process, or pipedream? In Proceedings of national information system security conference, Baltimore, USA."},{"key":"9169_CR43","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.SP.800-33","volume-title":"Underlying technical models for information technology security","author":"G Stoneburner","year":"2001","unstructured":"Stoneburner, G. (2001). Underlying technical models for information technology security. Gaithersburg, MD: National Institute of Standards and technology Special publication #800\u201333, NIST."},{"issue":"1","key":"9169_CR44","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1111\/j.1468-0394.2008.00452.x","volume":"25","author":"EA Strunk","year":"2008","unstructured":"Strunk, E. A., & Knight, J. C. (2008). The essential synthesis of problem frames and assurance cases. Experts Systems the Journal of Knowledge Engineering, 25(1), 9\u201327.","journal-title":"Experts Systems the Journal of Knowledge Engineering"},{"key":"9169_CR45","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.SP.800-55","volume-title":"Security metrics guide for information technology systems","author":"M Swanson","year":"2003","unstructured":"Swanson, M., Nadya, B., Sabato, J., Hash, J., & Graffo, L. (2003). Security metrics guide for information technology systems. Gaithersburg, MD: NIST Special publication #800\u201355, NIST."},{"key":"9169_CR46","volume-title":"Requirements engineering: From system goals to UML models to software specifications","author":"A Lamsweerde Van","year":"2009","unstructured":"Van Lamsweerde, A. (2009). Requirements engineering: From system goals to UML models to software specifications. West Sussex, England: Wiley."},{"key":"9169_CR47","unstructured":"Vaughn, R. B., Henning, R., & Siraj, A. (2003). Information assurance measures and metrics\u2014state of practice and proposed taxonomy. In Proceedings of the IEEE\/HICSS\u201903 (p. 331). Big Island, Hawaii: IEEE Computer Society."},{"key":"9169_CR48","unstructured":"Williams, J. R., Schaefer, M., & Landoll, D. J. (1995). Pretty good assurance. In Proceedings of new security paradigms workshop (p. 82). La Jolla, CA: IEEE Computer Society."},{"key":"9169_CR49","unstructured":"WISSRR Workshop on Information, Security System Scoring and Ranking. (2001). Information system security attribute quantification or ordering (commonly but improperly know as security metrics). In Workshop proceedings, Williamsburg, VA, 21\u201323 May."},{"issue":"6","key":"9169_CR50","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1109\/MC.2004.2","volume":"37","author":"A Wool","year":"2004","unstructured":"Wool, A. (2004). A quantitative study of firewall configuration errors. IEEE Computer, 37(6), 62\u201367.","journal-title":"IEEE Computer"},{"key":"9169_CR51","unstructured":"Zuccato, A., Marquet, B., Papillon, S., & Alden, M. (2006). Service oriented modelling of communication infrastructure for assurance. In Proceedings of IEEE Information Assurance Workshop (pp 1\u20138). West Point: IEEE Xplore."}],"container-title":["Software Quality Journal"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-011-9169-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11219-011-9169-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11219-011-9169-0","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T10:10:39Z","timestamp":1559383839000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11219-011-9169-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,11,30]]},"references-count":51,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2013,3]]}},"alternative-id":["9169"],"URL":"https:\/\/doi.org\/10.1007\/s11219-011-9169-0","relation":{},"ISSN":["0963-9314","1573-1367"],"issn-type":[{"value":"0963-9314","type":"print"},{"value":"1573-1367","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,11,30]]}}}