软件安全度量技术综述

1软件安全度量综述摘要软件系统在当今日常生活中扮演越来越重要的角色，安全，对于软件系统，尤其是对于高安全需求的软件应用系统的开发和实施来说至关重要。为了更好的了解软件安全，以便于更好的控制和提升软件安全。对软件安全定性以及定量的安全度量与评估必不可少。在过去的20多年里，各种安全指标，安全度量技术被相继提出，但是鲜有被广泛认可与接受的。本文回顾了软件安全度量的历史，概述了软件安全定性与定量度量评估的研究现状，包括度量策略，成熟度，以及理念和技术上限制软件安全度量进一步研究发展的瓶颈。关键字软件安全;安全度量，安全指标ASurveyofSoftwareSecurityMetricsAbstractSoftwaresystemsisplayingamoreandmoreimportantroleinourdailylifenowadays.Securityisoneofthemostimportantissuesindevelopingandimplementingsoftwaresystemsespeciallyinhighlycriticalapplication.Tobetterunderstandsoftwaresecurityinordertobettercontrolandimprovementsoftwaresecurity,measurementofsoftwaresecurityqualitativelyandquantitativelyisnecessary.Varioussecurityindicators,measuresandmetricshavebeenproposedinpast20years,butfewhavebeengeneralacceptanceandappliedtopracticeuse.Wereviewthehistoryofsecuritymetricresearch,andsurveythecurrentstateoftheartinqualitativeandquantitativesecuritymeasurementtocharacterizetheavailablemeasurementstrategies,theirmaturity,andtheconceptualortechnicalobstaclepreventingfurtherprogressinthisfieldofresearch.Keywordssoftwaresecurity;securitymetrics;securityindicators;1IntroductionMeasurementisoneofthefoundationsofsoundengineeringpractices.Morethan100yearsago,LordKelvininsightfullyobservedthatthemeasurementisvitaltodeepknowledgeandunderstandinginphysicalscience.Thisprincipleshouldalsoapplytothefieldofsoftwaresecurity.Measurementandimprovementabilitiescouldhardenthesecurityofsystemsefficientlybecausemeasurementhelpstoconcentrateimprovementeffortwhereitisneededmost,promotingissue-relatedsecurityenhancements.Securitymetricisnotanewtopic,butonewhichreceivesfocusedinterestsporadically.Duringthelastfewdecades,researchershavemadevariousattemptstodevelopmeasuresandsystemsofmeasurementforsoftwaresecuritywithvaryingdegreesofsuccess,muchofwhathasbeenwrittenaboutsecuritymetricsisdefinitional,aimedatprovidingguidelinesfordefiningasecuritymetricandspecifyingcriteriaforwhichtostrive.Althoughvariousmethods,securityindicators,measuresandmetricshavebeenproposed,butfewhavebeenwidespreadadoptionandappliedtopracticeuse.Securitymetricisseenasanimportantfactorinmakingsounddecisionsaboutvariousaspectsofsecurity,rangingfromthedesignofsecurityarchitecturesandcontrolstotheeffectivenessandefficiencyofsecurityoperations.Duetothesignificantbodyofwork.Ithasbecomeincreasinglydifficulttooverlookthestateofartinspecifyingdetermining,comparing,orpredictingsecurityqualities.Butprovidingusefulmetricsoratleastindicatorsforcharacterizingthesecuritypropertiesofasoftwaresystemissurprisinglychallenging.Inordertoovercomethedifficultiesandgetabreakthroughinthefieldofsecuritymetrics,wereviewrelatedconceptionsandthehistoryofsecuritymetric,furthermorewesurveythecurrentstateoftheartinqualitativeandquantitativesecuritymeasurementtocharacterizetheavailablemeasurementstrategies,theirmaturity,andtheconceptualortechnicalobstaclepreventingfurtherprogressinthisfieldofresearch.2RelatedconceptionsDefinition1.SoftwareSecuritySecurity,‘‘thepracticeofbuildingsoftwaretobesecureandfunctionproperlyunderintentionalmaliciousattack’’[1],isanintegrativeconceptthatincludesfourkeyproperties[2]:confidentiality(absenceofunauthorizeddisclosureofaserviceorpieceofinformation),authenticity(guaranteesthataserviceorpieceofinformationisauthentic),integrity(protectionofaserviceorpieceofinformationagainstillicitand/orundetectedmodification),andavailability(protectionagainstpossibledenialsofservicecausedmaliciously).SecureSoftwarebehavescorrectlyinthepresenceofamaliciousutilization(attack),eventhoughsoftwarefailuresmayalsohappenwhenthesoftwareisusedcorrectly.Thus,manytimessoftwaredevelopmentandtestingconcernsonlywithwhathappenswhensoftwarefailsandnotwiththeintentions.Thisiswherethedifferencebetweensoftwaresafetyandsoftwaresecuritylies:inthepresenceofanintelligentadversarywiththeintentionofdamagingthesystem.Definition3.SecurityIndicatorAsecurityindicatorisanyobservablecharacteristicthatcorrelates(orisassumedtocorrelate)withadesiredsecurityproperty.Thesetoffeasibleindicatorvaluesisassumedtoform(atleast)anominalscale.Notethatformanyproposedindicators,therequiredcorrelationwithsecurityhasnotbeenformallyestablished,butisonlypostulatedbasedoninformalreasoning.Anexampleofanindicatoristherateofcompliancewithagivencatalogueofsecuritycriteriaorsecuritybestpractices(i.e.,therelativenumberofrequirementsmet,see,e.g.[3]).Definition4.SecurityMeasureAsecuritymeasureassignstoeachmeasuredobjectasecurityindicatorvaluefromanordinalscaleaccordingtoawell-definedmeasurementprotocol.Inmanycases,themeasuredvaluesarenumbers,butmeasuresmayalsoassignnon-numericdesignatorssuchas{low,medium,high}.Definition5.SecurityMetricAsecuritymetricisasecuritymeasurewithanassociatedsetofrulesfortheinterpretationofthemeasureddatavalues.Basically,weunderstandasecuritymetricasDavidsoncharacterizesit[4]:Asuccessfulsecuritymetricshould:•Motivategood/correctbehavior(notpromoteevasivetacticsjusttomakethenumberslookgood)•Promptadditionalquestions(“Why?How?”)tounderstandwhatisinfluencingthenumbers•Answerbasicquestionsof