Abstract
Paying attention to authenticity, as a security requirement, in the early phases of the software life-cycle (such as requirements and/or design) can save project cost, time, and effort. However, in the ISO 25010 quality model, which describes quality sub-characteristics, authenticity measures are neither explicitly described nor documented in sufficient detail. This paper proposes a clear and precise way of measuring the “authenticity” sub-characteristic based on structural and functional size measurements. This combination can be used to identify the risk of authenticity violation in the design phase. An example of Facebook Web User Authentication is used to illustrate our proposed measurement.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Hakim, H., Sellami, A., Ben Abddallah, H. (2017). Analyzing the Risk of Authenticity Violation Based on the Structural and Functional Sizes of UML Sequence Diagrams. In: Cuppens, F., Cuppens, N., Lanet, JL., Legay, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2016. Lecture Notes in Computer Science, vol 10158. Springer, Cham. https://doi.org/10.1007/978-3-319-54876-0_4
DOI: https://doi.org/10.1007/978-3-319-54876-0_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54875-3
Online ISBN: 978-3-319-54876-0
eBook Packages: Computer Science, Computer Science (R0)