Experimental validation of the technical attack ability metrics model

Abstract

Computer systems have become gradually and fully embedded into our daily activities. Software based systems attackers have noted these dependency, and have increased the number of attacks of such systems. Software managers and designers require a means of predicting the Attackability of system at the design state. Attackability is a concept proposed recently in literature to measure the extent that a software system or service could be the target of a successful attack. These authors have published such a conceptual model called the Holistic predictive attackability metric model for secure service oriented software. Holistic in that it comprises of a social and technical aspect. This paper is considers experimental validation of the technical metrics part of model only. The technical part uses internal software attributes; complexity cohesion and coupling (3C’s) to predict attackability an external attribute. Pilot experiments were conducted with selected objects from which relationship between Attackability and the corresponding attribute was established. A model was generated for each after carrying out Kendall Tau-b correlation, performing regression testing and curve estimation using SPSS software package. The results were then combined to generate Mean Technical attackability model metrics, which was validated through sample 12 software. Jhawk tool was used measure the 3C’s for each software. The data were to used to generate Calculated mean Technical attackability metrics. The results were tabulated against the measured mean attackability. Pearson correlation and regression testing analysis were performed. The results indicates the model and the corresponding metrics could be used in predicting the mean Technical attackability of a software system.