Mathematical Problems in Engineering
Volume 2013 (2013), Article ID 165029, 11 pages
http://dx.doi.org/10.1155/2013/165029
A Quantitative Assessment Approach to COTS Component Security
1 School of Computer Science and Telecommunication Engineering, Jiangsu University, Zhenjiang 212013, China
2 School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China
3 School of Software and Communication Engineering, Jiangxi University of Finance and Economics, Nanchang 330013, China
Received 28 August 2012; Revised 26 December 2012; Accepted 31 December 2012
Academic Editor: Huaguang Zhang
Copyright © 2013 Jinfu Chen et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Abstract
The vulnerability of software components hinders the development of component technology. An effective approach to assessing the component security level can promote the development of component technology. Thus, the current paper proposes a quantitative assessment approach to COTS (commercial-off-the-shelf) component security. The steps of interface fault injection and the assessment framework are given based on the internal factors of the tested component. The quantitative assessment algorithm and the formula for the component security level are also presented. The experimental results show that the approach can not only detect component security vulnerabilities effectively but also quantitatively assess the component security level. The component security score, which represents the security level of the tested component, can be accurately calculated.