Volume 2, No. 4, April 2011
Journal of Global Research in Computer Science
RESEARCH PAPER
Available Online at www.jgrcs.info
© JGRCS 2010, All Rights Reserved

OBJECT ORIENTED DESIGN SECURITY QUANTIFICATION

Suhel Ahmad Khan *1 and Raees Ahmad Khan 2
*1 Department of Information Technology, Babasaheb Bhimrao Ambedkar University (Central University), Lucknow, UP, India, ahmadsuhel28@gmail.com
2 Department of Information Technology, Babasaheb Bhimrao Ambedkar University (Central University), Lucknow, UP, India, khanraees@yahoo.com

Abstract: Quantification of security at an early phase produces a significant improvement in understanding the management of security artifacts for the best possible results. The proposed study discusses a systematic approach to quantify security based on complexity factors which have an impact on security attributes. This paper provides a roadmap for researchers and software practitioners to assess, and preferably quantify, software security in the design phase. A security assessment through complexity framework (SVDF) has been proposed in order to incorporate security to develop quality products. It may be used to benchmark software products according to their severity.

Keywords: Software Security; Metrics; Security Quantification; Object oriented; Complexity

INTRODUCTION

In today's world the main challenge for decision scientists and security experts is to manage software of increasing complexity. With growing complexity it is hard to maintain the criticality of software, inadequacy at the desired quality level increases, and security becomes more vital, complicated and expensive. Quantitative assessment of security will provide the basis for qualitative analysis and security analysis. Software security estimation is the process of quantitative assessment of product security. Software security estimation is a complete, structured process. It is required to bring down error rates at every stage of the life cycle.
Minimizing error rates reduces the probability of failures and cost. The design phase is the first step from the problem domain to the solution domain. It is the most appropriate phase to estimate the security of the software. Security estimation of software in this phase will assist in protecting the software from loss. One of the most obvious features of science, compared say to the arts and humanities, is its fixation with putting numbers on things, by quantification using mathematical formulae [1].

THE FRAMEWORK

As a matter of fact, researchers and practitioners highly recommend an efficient and accurate measure of software security early in the design phase. There is a common consensus among industry professionals and academicians on integrating security within the development life cycle in order to deliver quality software. Unfortunately, there is no standard methodology or guideline available to quantify software security. Therefore, such a roadmap or framework, which can be followed by industry personnel and researchers to quantify security early in the design phase, appears highly desirable and significant. A prescriptive framework, as depicted in figure 1 (a), has been proposed to estimate the security of object oriented software at design level. Moreover, security quantification, figure 1 (b), has been presented in order to emphasize the importance of estimating security at the design stage. The detailed description of the framework is as follows:

Figure 1(b): Security quantification (panel: Security Design & Conceptualization)

Software Characterization: A security estimation technique provides a clue to the measurement of the severity of software. This process identifies the object oriented design constructs that are used during the design phase of software development and serve to define a variety of security and complexity factors. The contribution of each object oriented design characteristic is analyzed for improvement in design security.
Metric Selection: Quantification metrics enable an application to opt for desirable security features depending on its gravity and to make tradeoffs among cost, security and performance. This step is helpful in identifying the relevant metrics which meet the objective of quantifying security through a complexity perspective. Several metrics are available related to the measurement of software at different stages of software