Measuring CIA for enterprise applications based on errors classification

Dissertant

al-Far, Anas Kamil

Thesis advisor

Qusif, Abd Allah

Committee Members

Qasaimih, Malik
Abd Allah, Imad E.
al-Majali, Sufyan

University

Princess Sumaya University for Technology

Faculty

King Hussein Faculty for Computing Sciences

University Country

Jordan

Degree

Master

Degree Date

2016

English Abstract

Confidentiality, Integrity, and Availability (CIA) are principal keys to building any secure software.

Taking those principles into consideration in implementation phases of system development should have an impact on reducing many software vulnerabilities.

The purpose of this thesis is to measure the impact on CIA for any given object-oriented PHP application by studying the impact score on confidentiality, the impact score on integrity, and the impact score on availability for a list of reported vulnerabilities and their correlation with some code metrics for the given vulnerable source code.

The results indicate that no significant predictor of ‘Confidentiality’ could be obtained from the tested code metrics.

On the other hand, this research uncovered that 23.7% of the variability in ‘Integrity’ was explained by four metrics: Vocabulary Used in Code, Card and Agresti, Intelligent Content, and Efferent Coupling, while the Length (Halstead metric) alone could predict about 24.2% of the observed variability in ‘Availability’.

Keywords: Software Security, CIA Model, Confidentiality Score, Integrity Score, Availability Score, Code Characteristics, Code Metrics, Security Metrics, PHP security.

Main Subjects

Electronic engineering

No. of Pages

132

Table of Contents

Table of contents.

Abstract.

Abstract in Arabic.

[Chapter One] : Introduction.

[Chapter Two] : Background information and related work.

[Chapter Three] : The proposed model.

[Chapter Four] : Research results and evaluation.

[Chapter Five] : Conclusion and future work.

References.

American Psychological Association (APA)

al-Far, Anas Kamil. (2016). Measuring CIA for enterprise applications based on errors classification. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology, Jordan
https://search.emarefa.net/detail/BIM-720780

Modern Language Association (MLA)

al-Far, Anas Kamil. Measuring CIA for enterprise applications based on errors classification. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology. (2016).
https://search.emarefa.net/detail/BIM-720780

American Medical Association (AMA)

al-Far, Anas Kamil. (2016). Measuring CIA for enterprise applications based on errors classification. (Master's theses Theses and Dissertations Master). Princess Sumaya University for Technology, Jordan
https://search.emarefa.net/detail/BIM-720780

Language

English

Data Type

Arab Theses

Record ID

BIM-720780