Principles and Measurement Models for Software Assurance

Nancy R. Mead (CERT, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, USA), Dan Shoemaker (Department of Computer and Information Systems, College of Liberal Arts & Education, University of Detroit Mercy, Detroit, MI, USA), and Carol Woody (CERT, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, USA)
Copyright: © 2013 |Pages: 10
DOI: 10.4018/jsse.2013010101


Ensuring and sustaining software product integrity requires that all project stakeholders share a common understanding of the status of the product throughout the development and sustainment processes. Accurately measuring the product’s status helps achieve this shared understanding. This paper presents an effective measurement model organized by seven principles that capture the fundamental managerial and technical concerns of development and sustainment. These principles guided the development of the measures presented in the paper. Data from the quantitative measures help organizational stakeholders make decisions about the performance of their overall software assurance processes. Complementary risk-based data help them make decisions relative to the assessment of risk. The quantitative and risk-based measures form a comprehensive model to assess program and organizational performance. An organization using this model will be able to assess its performance to ensure secure and trustworthy products.
Article Preview

Seven Historic Principles For Software Assurance

Actionable data have to be collected, analyzed, and reported to assure the proper management of the integrity of any product. Because the software production and sustainment process is more adaptive than it is linear and is subject to change at the whim of the developer (and the customer), data provide an objective basis for making informed decisions about performance.

Product performance data have to be unambiguously understood to ensure that they are consistently interpreted. If each project stakeholder interprets data differently, poor and incorrect decisions could result. Therefore, it is essential that project stakeholders have the same understanding about what a given piece of data means. A common point of view requires a fundamental point of reference to guide stakeholders’ interpretation.

The generic perspective for software assurance is based on these principles established in 1974 by Saltzer and Schroeder:

1. Economy of Mechanism: Keep the design as simple and small as possible.

2. Fail-Safe Defaults: Access can only be gained by permission (whitelisting) rather than exclusion.

3. Complete Mediation: Every access to every object must be checked for authority.

4. Open Design: Only allow access based on tokens of permission.

5. Separation of Privilege: Utilize multiple tokens of permission to gain access.

6. Least Privilege: Allow the minimum access necessary to complete the job.

7. Least Common Mechanism: Reduce common objects (information hiding).

8. Psychological Acceptability: Assure ease of use. (Saltzer & Schroeder, 1974)
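The following small reference monitor is an added illustration of how principles 2, 3, 5 and 6 above look in code; it is not part of the paper and does not come from its authors. The subjects (alice, bob, backup-svc), the object payroll.db, the rights and the policy table are all constructed for the example. Access is decided from an explicit allowlist, so anything not listed is denied (fail-safe default); every operation on the store re-runs the same check with no cached authorization (complete mediation); the backup service holds only the read right it needs (least privilege); and deletion requires a second, distinct subject holding an approve right (separation of privilege).

```python
"""Toy reference monitor for fail-safe defaults, complete mediation,
separation of privilege and least privilege. Added example with a
constructed, hypothetical policy; not the paper's own material."""
from dataclasses import dataclass
from typing import Optional

# Constructed allowlist: (subject, object) -> rights explicitly granted.
# Anything not present here is denied, which is the fail-safe default.
POLICY = {
    ("alice", "payroll.db"): {"read", "write", "delete"},
    ("bob", "payroll.db"): {"read", "approve"},
    ("backup-svc", "payroll.db"): {"read"},  # least privilege: a backup job only needs read
}

# Rights that require two tokens of permission: the requester's own grant
# plus a distinct second subject holding "approve" on the same object.
DUAL_CONTROL = {"delete"}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def check(subject: str, obj: str, right: str, approver: Optional[str] = None) -> Decision:
    """Single decision point. A missing policy entry yields an empty set, so an
    unknown subject, unknown object or unlisted right is denied, never assumed safe."""
    granted = POLICY.get((subject, obj), set())
    if right not in granted:
        return Decision(False, f"{subject} has no {right!r} grant on {obj}")
    if right in DUAL_CONTROL:
        if approver is None or approver == subject:
            return Decision(False, f"{right!r} needs a second, distinct approver")
        if "approve" not in POLICY.get((approver, obj), set()):
            return Decision(False, f"{approver} cannot approve on {obj}")
        return Decision(True, "explicit grant with dual control")
    return Decision(True, "explicit grant")


class Store:
    """Every operation calls check() on every invocation (complete mediation);
    there is no remembered 'already authorized' state for later calls to reuse."""

    def __init__(self):
        # Constructed object contents for the example.
        self._objects = {"payroll.db": b"<constructed payroll records>"}

    def _mediate(self, subject, obj, right, approver=None):
        decision = check(subject, obj, right, approver)
        if not decision.allowed:
            raise PermissionError(decision.reason)
        return decision

    def read(self, subject, obj):
        self._mediate(subject, obj, "read")
        return self._objects[obj]

    def write(self, subject, obj, data):
        self._mediate(subject, obj, "write")
        self._objects[obj] = data

    def delete(self, subject, obj, approver=None):
        self._mediate(subject, obj, "delete", approver)
        del self._objects[obj]

    def exists(self, obj):
        return obj in self._objects


def demo():
    """Exercise each principle and return the outcomes keyed by scenario."""
    store = Store()
    outcomes = {}
    outcomes["unknown subject read"] = check("mallory", "payroll.db", "read").allowed
    outcomes["backup write"] = check("backup-svc", "payroll.db", "write").allowed
    outcomes["delete alone"] = check("alice", "payroll.db", "delete").allowed
    outcomes["delete self-approved"] = check("alice", "payroll.db", "delete", approver="alice").allowed
    outcomes["delete with bob"] = check("alice", "payroll.db", "delete", approver="bob").allowed
    try:
        store.write("bob", "payroll.db", b"tampered")
        outcomes["bob write raised"] = False
    except PermissionError:
        outcomes["bob write raised"] = True
    store.delete("alice", "payroll.db", approver="bob")
    outcomes["deleted"] = not store.exists("payroll.db")
    return outcomes


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario}: {result}")
```

The design choice worth noticing is that there is exactly one place where a grant can be read (the `check` function) and no code path that reaches an object without passing through it; a bypass would have to be added deliberately rather than arising from a forgotten condition. Keeping the whole mechanism to a few dozen lines is also what makes principle 1 (economy of mechanism) reviewable in practice.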
