A Quantitative Approach to Evaluate Software Architecture Security and Filling Missing Values using Genetic Algorithm

(1)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 7, Issue 9, September 2017)

403

A Quantitative Approach to Evaluate Software Architecture

Security and Filling Missing Values using Genetic Algorithm

D. Udaya

1

, K. Vivekanandan

2

1_{Research Scholar, Pondicherry Engineering College, India} 2_{Professor, Pondicherry Engineering College, India}

Abstract— Developing secure software in today’s

competitive business world is a challenging task. Finding and solving vulnerabilities at the later phase of the Software Development Life Cycle (SDLC) is expensive, difficult and time-consuming. Hence, security is to be assured at the earlier stage of the SDLC.. The proposed work follows a quantitative approach to measure the security of the software architecture for an Object-Oriented Design (OOD). As there is no standard method to measure the security of the software, an evaluation model for measuring security quantitatively at the architectural level is proposed. This model is expressed in terms of mathematical formulas derived using the Analytical Hierarchy Process (AHP). Inconsistency and missing values are frequent possibilities in decision matrices of AHP that result in no gain in decision making. Hence, for filling the missing data in the AHP process, Genetic Algorithm (GA) is applied. The technique anticipated in this work comprise of AHP-GA model to evaluate architecture. The results obtained using the case study proves that the proposed method is highly effective in evaluating the security of architecture compared to the other existing methods.

Keywords— Software Architecture, Architecture Evaluation, Software metrics, Security, Analytical Hierarchy Process, Missing values, Genetic Algorithm.

I. INTRODUCTION

Systems are growing bigger as the modern society has now become highly dependent on computers, and have become more open to attack. Security, with no exception, remains inadequate, as there are no established formulas or procedures for assessing the level of software security quantitatively (Savola, Reijo M., 2013). Security issues such as confidentiality, integrity, authenticity, etc. need to be safeguarded to become manifest with a secure software (Khan, Muhammad Umair Ahmed, and Mohammed Zulkernine., 2009). Adding security features to the system after they have been developed may require a lot of time and effort. Hence, assessing security at an early stage of SDLC protects the software from vulnerabilities (Siveroni, Igor, Andrea Zisman, and George Spanoudakis., 2010).

To identify the overall security of a program, it has to be identified at the architectural level itself. Therefore, there exists a need for a methodology to evaluate the security at an initial stage.

According to IEEE, security is defined as ―The idea of engineering software, so that it continues to function correctly even under malicious attack. Most technologists acknowledge this undertaking’s importance, but they need some help in understanding how to tackle it‖ (Radatz, Jane, Anne Geraci, and Freny Katki., 1990). Security is to be provided at all levels of SDLC, especially at the design phase to come out with a unified secure architecture. This secure architecture is the key note for developers to design a secure code. The object-oriented design (OOD) properties such as inheritance, abstraction, encapsulation, coupling, cohesion, complexity, etc. are vital properties on which the software quality relies (Al-lawatiya, Ayat, and Santhosh John., 2015). Security being an essential aspect, if these design properties can effectively be mapped to security attributes, we can measure security quantitatively. Evaluating security reveals security-related weakness in the software architecture, thereby judging the security of the final product.

(2)

International Journal of Emerging Technology and Advanced Engineering

404

Different OOD metrics are available that act as a quality indicators to measure software quality. Proposed herein a metric based Software architecture evaluation model, a decision making method is to be incorporated to find the external and internal metrics that contribute to security. The AHP, a structured technique that deals with complex decisions is the most widely and commonly used MCDM technique. It gives numerical priorities to its decision alternatives that help us to quantify security. Since multiple experts participate in decision making, inconsistency and missing values are the most common inconveniences faced in AHP. Genetic Algorithm, a powerful algorithm that provides reasonable values is used to correct the inconsistent and missing values as given by Wanderer L. K., 2013. In view of the fact that GA is based on natural selection and genetics, it is suitable for these problems that allow detecting inconsistent matrices and fill the missing data by suggesting possible values.

This paper is organized as follows: In Section 2 the related work, the motivation and goals are provided. Section 3 presents the Software Security Evaluation model. It includes the selection of metrics using Analytical Hierarchy Process (AHP) in Section 3.1, filling missing values in AHP pairwise matrix using GA in Section 3.2 and computation of weights and selection of metrics is explained in section 3.3. The implementation is shown in Section 4. This includes the description of the proposed model and the results of the experiment. The validation of the proposed work is given in Section 5. Conclusions and future work are given in Section 6.

II. RELATED WORK

Measuring security and fixing it late in the SDLC may lead to serious issues in the strength of the software being developed. Hence, implementing security right from the beginning of the software in the design makes it possible to protect it from attacks. Many researchers have proposed many different techniques for measuring the security of the architecture of software. Liu used neural network to compute the attack frequency. Based on the attack frequency and Multi Criteria Decision Making MCDM technique, the security of the system architecture is improved to minimize the risk and cost of control (Liu, Fang, Kui Dai, and Zhiying Wang., 2004.). Using a security risk assessment model based on threats dimensions; the security threat failure is estimated by Jouini (Jouini, Mouna, Latifa Ben Arfa Rabai, and Ridha Khedri., 2015). Yautsiukhin proposed a method to measure the security of a pattern-based software architecture using thread coverage metrics and aggregation algorithm.

He used decomposition trees to represent security objectives and threats (Yautsiukhin, Artsiom, et al., 2008.) Security point is calculated using a metric score for cyclomatic complexity, Weighted Method per Class (WMC) and Maintainability index, and the file security level is determined using Naïve Bayes classification algorithm (Sarıman, Guncel, and Ecir Ugur Kucuksille., 2016). For developing a secure system, Alshammari suggested various approaches using security design principles, security quality metrics and secure refactoring (Alshammari, Bandar M., Colin J. Fidge, and Diane Corney., 2016). R. A Khan furnished a security quantification model from the complexity perspective to evaluate a design.

(3)

International Journal of Emerging Technology and Advanced Engineering

405

Although not all the quality attributes depend on all the design properties, some selection procedure is to be adopted for selecting the best alternatives. One of the most popular and broadly used decision-making techniques is the Analytical Hierarchy Process (Saaty, Thomas L., and Luis G. Vargas., 2012).

In the application of AHP, the pairwise comparison matrix is often left with missing values and inconsistencies. To solve the problem of filling missing judgments there are a number of approaches, such as connecting path method along with least square method(Chen, Kun, et al., 2015), geometric mean induced bias matrix(Ergu, Daji, et al., 2016), weighted nearest neighbor method(Tutz, Gerhard, and Shahla Ramzan., 2015), Bayesian Genetic Algorithm(Priya, R. Devi, and S. Kuppuswami., 2012)(da Serra Costa, José Fabiano., 2011), neural network-based model (Gomez-Ruiz, Jose Antonio, Marcelo Karanik, and José Ignacio Peláez., 2010), Eigen value minimization method (BozóKi, SáNdor, János Fülöp, and Lajos RóNyai., 2010). The proposed model uses Geometric mean combined with GA approach that resulted in the best solution of all.

The motive behind this research work is described as follows:

a. There exists a variety of metrics and selection of suitable metrics for measurement is a point to be considered. Hence, a model is proposed to identify a suitable metric set for measuring security.

b. Among non-functional attributes, a little significance has been given to software security assessment. Hence, security of architecture is measured based on quantitative measurements rather than qualitative ones. c. Of the available software security assessment model, not

all the OOD properties are taken into consideration. Hence, the QMOOD is selected that takes into account all the design properties of object-oriented system

III. SOFTWARE SECURITY EVALUATION MODEL

Software Architecture Evaluation identifies the desired quality attributes and the problems within the architecture, thereby leading to a better understanding of the architecture. To evaluate architecture’s quality, some quality model and an evaluation methodology is to be followed.

[image:3.612.324.566.304.454.2]

For our proposed security evaluation model, ISO 25010 quality model and metric-based evaluation methodology is used. According to ISO 25010, security can be characterized by its sub-attributes, namely, confidentiality, integrity, non-repudiation, accountability and authenticity (ISO, 2011). As stated by Bansiya, the quality (external attributes) of software relies on the design properties (internal attributes) and is assessed using design metrics (Bansiya, Jagdish, and Carl G. Davis, 2002). The proposed approach for software security evaluation model measures the given architecture for security using QMOOD metrics suite given in the Table I.

TABLE I

QMOOD DESIGN METRICS DESCRIPTION

Design

Properties Design Metrics

Design Size Design Size in Classes (DSC) Hierarchies Number of Hierarchies (NOH) Abstraction Average number of Ancestors(ANA) Encapsulation Data Access Metric (DAM) Coupling Direct Class Coupling (DCC)

Cohesion Cohesion among Methods in a class(CAM) Composition Measure of Aggregation (MOA)

Inheritance Measure of Functional Abstraction (MFA) Polymorphism Number of Polymorphic Methods (NOP) Messaging Class Interface Size (CIS)

Complexity Number of Methods (NOM)

(4)

International Journal of Emerging Technology and Advanced Engineering

[image:4.612.63.273.146.296.2]

406 Figure.1 Software Security Evaluation model

The process flow of the proposed model for the evaluation of Software architecture using AHP and Genetic algorithm is given in below:

Step 1: Based on the questionnaire responses, the pairwise comparison matrix is generated for each individual.

Step 2: Filling the missing values in the pairwise comparison matrix and checking for the consistency of the matrix is done using GA. The matrix is consistent if the Consistency Ratio (CR) is less than 10%.

Consistency Ratio (CR) (1)

Where,

CI and RI = 1.52

Where,

λmax, the Principal Eigen value is obtained from the

summation of products between each element of Eigen

vector and the sum of columns of the Reciprocal matrix.

Step 3: Using all the responses from the questionnaire, Geometric mean is calculated for each of the eleven metrics for security and its sub-characteristics.

Step 4: Computation of weights and selection of metrics is carried out.

a) The pairwise comparison matrix is normalized by dividing each sum by its column sum.

b) The Principal Eigen Vector is calculated by taking the average weight of each row.

Step 5: Using the computed weights, metrics with a higher contribution to security and its sub-characteristics are selected and formulas are derived for security and its sub-characteristics.

A. Identification of constituent metrics for Security using AHP

The simplest way of identifying the security metrics is to choose some metrics randomly from the QMOOD metric suite. However, there is no guarantee that the randomly chosen metrics are of greater importance in contributing to security. As all the eleven metrics in the metric suite don’t add to measuring the security, we use AHP, the most commonly used technique in decision making. The AHP method selects only those metrics that contribute more significantly to security and its sub-characteristics.

The AHP technique is applied at two levels to compute weights:

a) First, to map base metrics to sub-characteristics of security such as confidentiality, integrity, non-repudiation, accountability and authenticity.

b) Second, to map these sub-characteristics to a higher-level quality attribute i.e., security.

There are eleven derived design metrics in the QMOOD metric suite listed in Table 2(Bansiya, Jagdish, and Carl G. Davis, 2002). Since not all the eleven metrics are significantly equal in obtaining the quality index, weights are established to select highly contributing metrics. The selection of metrics for quality attributes at both levels is done using the AHP. As the first step in this AHP, a questionnaire along with the Saaty’s nine-point measurement scale listed in Table II is given to the domain experts. For this a web-based questionnaire was designed considering the multi-criteria decision making strategy. The experts were requested to fill one preference, a scale of 1 to 9 for each factor.

Table II

SAATY’S MEASUREMENT SCALE

Definition Intensity of

preference

Extremely preferred 9

Very strongly preferred 7

Strongly preferred 5

Moderately preferred 3

Less preferred 1

Intermediate values 2,4,6,8

Computation of formulas for security

and its sub-characteristics using

metrics

Selection of metrics Computation of

weights Filling the missing values using Genetic

(5)

International Journal of Emerging Technology and Advanced Engineering

407

The questionnaire gets the ranking for the eleven metrics using Saaty’s scale (rank 1-9) for security and its sub-characteristics, namely, confidentiality, integrity, non-repudiation, accountability and authenticity. Based on the responses from a set of 75 experts, a hierarchical framework is constructed. In the framework, constructed as in figure 2 the five quality attributes that quantifies security are at level 1 and the most significant metrics that quantify security are constituted at level 2.

B. Filling the missing values using GA

The responses from the questionnaire may not be complete for many reasons such as the experts lack knowledge of one or more alternatives, huge number of pairwise comparisons requested and so on. Obviously, the pairwise comparison matrix constructed in the AHP for each individual is also incomplete. There are so many ways in filling those missing values in the matrix, the optimum one by using GA(da Serra Costa, José Fabiano., 2011; Wanderer, L., Karanik, M., & Carpintero, D., 2013). The number of missing values varies dynamically based on the response of the experts. The missing values are filled as per Saaty’s measurement scale, with values from 1 to 9. Once the value is filled in the matrix, the matrix is checked for consistency, i.e., Consistency Ratio (CR) <10%.

First, an initial population is generated randomly and the chromosome takes on real numbers to encode. Next, the fitness function calculates the fitness value, then selection, crossover and mutation. Finally, once the termination condition is met, the evolution process is stopped.

Encoding: Each chromosome is a real number composed of numbers corresponding with those of Saaty’s scale. (1-9). The length of the chromosome is the number of missing values in the upper triangle of the pairwise comparison matrix. As the lower matrix is the reciprocal of the upper matrix, the maximum length is n (n-1)/2, where n is the matrix order.

Fitness function: The consistency ratio CR=CI/RI is calculated for each individual chromosome, where CI is the consistency Index and RI is the random index. The best-fit individual should have a CR≤0.1.

The tournament selection strategy provides a selective pressure and population diversity to fine tune GA search process. This method is more efficient as the mating pool consists of winners with the highest fitness value. A real number tournament selection procedure is used to select the chromosome for crossover.

Two-point crossover is chosen and performed with a fixed probability.

Integer mutation is incorporated in the algorithm to abet in preventing the problem of premature convergence. The chromosome with the highest fitness in the generation are not crossed-over or mutated by means of elitism operator. The best chromosomes were chosen to form a part of the next generation.

ALGORITHMI

For finding the missing values in the pairwise comparison matrix

Input: Pair wise comparison matrix values

Output: Optimum values for the missing places

Begin

1. Initializemaxgenerations and population size.

2. Find the length of the chromosome = the number of missing value in the pairwise comparison matrix. 3. Generate Initial population with random chromosomes.

4. Find the fitness value for each chromosome, i.e., Calculate the consistency CR=CI/RI.

5. Repeat until the fitness value<=0.1 or number of iterations reach maxgenerations.

5.1 Select best parent

5.2 Crossover parents to produce offspring 5.3 Mutate offspring to come out with a new population.

5.4 Find fitness for new population generated 6. Return best fit population.

End

The defined algorithm was applied to a set of generated matrices for each individual based on an expert’s opinion and the missing judgements are filled with consistent values. The number of missing values may vary from one to ten as the order of our matrix is 11×11.

C. Computation of Weights and Selection of metrics

Based on the response given by the domain experts for all the eleven metrics of the QMOOD metric suite for security, a pairwise comparison matrix is generated for each response. The unfilled values are filled using our proposed genetic algorithm. For each quality factor there will be a collective set of responses. To have a combined observation of all the experts, a statistical measure, geometric mean recommended by Saaty is computed for each sub-attribute and security (Dijkstra, Theo K., 2013).

(6)

International Journal of Emerging Technology and Advanced Engineering

408

The next step is to find the sum of each column of the matrix. Next to get the normalized relative weight, divide each element by the column sum. The normalized Principle Eigen Vector is obtained by computing the average of each row. Figs. 2-7 show plotting of computed weights for security and its sub-attributes.

However, all the design properties are not contributing their maximum towards each attributes. Also, there are positive and negative contributions of the design properties. Therefore mathematical formulas are derived accordingly for security and its sub attributes using the weights obtained using AHP.

Confidentiality

The ISO 25010 standard for Software Quality defines Confidentiality as,‖ Degree to which a product or system ensures that data are accessible only to those authorized to have access‖. The design properties that highly contributes this attribute are design size, encapsulation, coupling and polymorphism. Using AHP process the resultant formula is,

[image:6.612.326.561.139.278.2]

Confidentiality=2.31*designsize+1.59*encapsulation-1.54*coupling-1.44*polymorphism (2)

Figure. 2 Plotting weightage of metrics for confidentiality

Integrity

It is defined as the, ―Degree to which a system, product or component prevents unauthorized access to, or modification of, computer programs or data‖. The selected design properties for this quality attribute are encapsulation, inheritance, coupling and cohesion. Integrity is computed as follows,

[image:6.612.44.283.399.554.2]

Integrity=1.78*encapsulation-1.71*inheritance-1.59*coupling+1.54*cohesion (3)

Figure.3 Plotting weightage of metrics for Integrity

Non-Repudiation

ISO standard defines Non-Repudiation as, ―Degree to which actions or events can be proven to have taken place, so that the events or actions cannot be repudiated later‖. It is computed using design size, cohesion, encapsulation and complexity.

NonRepudiation=0.27*designsize+0.26*cohesion+0.24*co mplexity+0.23*encapsulation (4)

Figure.4 Plotting weightage of metrics for non-repudiation

Accountability

It is defined as the, ―Degree to which the actions of an entity can be traced uniquely to the entity‖. Hierarchies, polymorphism, coupling and cohesion are the design properties selected.

[image:6.612.322.555.400.536.2]

(7)

International Journal of Emerging Technology and Advanced Engineering

409 Figure.5 Plotting weightage of metrics for Accountability

Authenticity

Degree to which the identity of a subject or resource can be proved to be the one claimed. It is computed using polymorphism, cohesion, inheritance and complexity and is given as,

Authenticity=0.54*inheritance+0.47*complexity-0.44*polymorphism+0.43*cohesion (6)

Figure.6 Plotting weightage of metrics for Authenticity

The most significant contributing metrics are only selected to derive formulas. They are adjusted proportionately to give a sum of ±1.

Security

Security is the degree to which a product or system protects information and data so that persons or other products or systems have the degree of data access appropriate to their types and levels of authorization.

Once after the metrics are selected for each sub attribute and their corresponding formulas are computed, the AHP technique is applied recursively for deriving Security. It is formulated as,

Security = 0.26 * confidentiality + 0.23 * integrity + 0.16 * nonrepudiation+ 0.10*accountability+ 0.26*authenticity (7)

Figure.7 Plotting weightage of attributes for Security

The derived mathematical formulae Eq.2 to Eq.7 are consolidated in Table III.

TABLEIII

DERIVEDMATHEMATICALFORMULAS

Quality

Attribute Formula

Confidentiality 2.31*design size+1.59*encapsulation-1.54*coupling-1.44*polymorphism

Integrity 1.78*encapsulation-1.71*inheritance-1.59*coupling+1.54*cohesion

Non-repudiation

0.27*design size + 0.26*cohesion + 0.24*complexity+0.23*encapsulation

Accountability 9.48*polymorphism-8.73*coupling +8.65*cohesion-8.39*hierarchies

Authenticity 0.54*inheritance+0.47*complexity-0.44*polymorphism+0.43*cohesion

Security

0.26*confidentiality + 0.23*integrity+ 0.16*nonrepudiation+0.10*accountability+ 0.26*authenticity

(8)

International Journal of Emerging Technology and Advanced Engineering

410 Figure.8 Hierarchical framework for assessing security

IV. IMPLEMENTATION AND EXPERIMENTAL RESULTS

The selection of a software as a case study for implementing our model is most essential in producing the results and validating our research work. In order to justify our work and make it as convincing as possible, multiple versions of open source software are explored. Undertaking four versions of apache Tomcat 7 Series (7.0.6, 7.0.22, 7.0.39 and 7.0.47) allowed as quantifying the design metrics of the proposed model. Table IV shows the captured, normalized metric values for part (Juli) of the four series. This normalization of metric values are recommended as different ranges of values are combined together to measure the attributes

.

TABLEIV

NORMALIZEDDESIGNMETRICS

METRIC

VALUES

TC7.0.6 TC7.0.22 TC7.0.39 TC7.0.47

DSC 1.00 1.17 1.17 1.17

NOH 1.00 1.00 1.00 1.00

ANA 1.00 0.56 0.53 0.58

DAM 1.00 1.10 1.11 1.18

DCC 1.00 1.00 1.00 1.00

CAM 1.00 1.00 1.00 1.00

MOA 1.00 0.50 0.50 0.75

MFA 1.00 1.00 1.00 1.00

NOP 1.00 0.63 0.63 0.50

CIS 1.00 1.03 1.03 0.97

NOM 1.00 1.84 1.87 1.74

Applying these measured metric values in the derived computational formulas in Table V measures the sub-attributes of security and Security Index (SI) for different versions of software as well.

TABLEV

NORMALIZEDQUALITYATTRIBUTES

Quality Attribute

TC7.0.6 TC 7.0.22

TC 7.0.39

TC 7.0.47

Confidentiality 1.00 2.18 2.19 2.52

Integrity 1.00 9.98 10.75 17.41

Non-repudiation 1.00 1.27 1.28 1.26

Accountability 1.00 2.52 2.52 3.69

Authenticity 1.00 1.56 1.57 1.57

Security 1.01 3.22 3.41 4.90

A graph for the same is plotted in Fig. 9. The main purpose of our experimental analysis is to determine what software design metrics constitute to security and to measure it quantitatively

.

Figure.9 Plotting attributes for Security

V. VALIDATION

To prove the validation of our work, the project quality characteristics are analyzed apart from the design metrics. Other categories of metrics can be collected after the development phase. We reverse engineered the source codes of the four versions of the apache Tomcat 7 Series (7.0.6, 7.0.22, 7.0.39 and 7.0.47) to obtain their actual design. The security indexes for the designs are measured using our derived evaluation model. Similarly, code is measured using existing code-level metrics such as stall ratio, critical element ratio, defect density ratio (DDR), etc.

Security

Confidentiality

Integrity

Non- Repudiation

Accountability

Authenticity

DSC DAM DCC NPM

DAM DCC CAM MFA

DSC DAM CAM NOM

NOH DCC CAM NOP

(9)

International Journal of Emerging Technology and Advanced Engineering

411

We used DDR to validate our work as it identifies the minor and the major flaws in security. The DDR is the measure of the ratio of the number of defects to the lines of code.

DDR = (8)

[image:9.612.50.288.286.349.2]

Using the formula in Eq. (2), the DDR is measured for the four versions of our case study. Table VI and figure 12 records the information on the security index and the DDR measures.

TABLE VI

NORMALIZED QUALITY ATTRIBUTES

MEASURES/

VERSIONS

TC 7.0.6

TC 7.0.22

TC 7.0.39

TC 7.0.47 Security Index 1.01 3.22 3.41 4.90 Defect Density

Ratio

0.46 0.24 0.19 0.12

An increase in the overall quality of the delivered product is exhibited by drop off in the defects. In all cases, the evaluation model given by QMOOD metrics is acceptably validated through the measures with DDR. It is encouraging to observe that security constantly matches (same or proportional) the defect densities. Generally, metrics that can be computed at the earlier phases are considered to have more efficacies.

Figure.10 Security Index and DDR measures

VI. CONCLUSION AND FUTURE WORK

To summarize, a model for evaluating software architecture is derived for measuring the security quantitatively for a given architecture. Selection of appropriate metric set from QMOOD metric suite is done using one of the MCDM algorithms.

Amidst many available MCDM algorithms, the AHP technique suits well for our problem in selecting the most appropriate metrics that contributes to security.

The security and its sub-characteristics are measured quantitatively using the selected metrics. The missing values in the AHP process are filled using GA. After filling those missing values, mathematical formulae are derived that measure security using external metrics like confidentiality, integrity, non-repudiation, accountability and authenticity, which in turn are measured using internal design metrics. Applying this model and metrics to software systems would be a good idea for evaluating architecture for security at an early stage, thereby reducing time, cost and effort.

The case study taken for the validation is a smaller system, and in order to use this model for larger systems, some automated tool can be developed to measure those metrics. A much similar Software Architecture Evaluation Model can be generated to measure any non-functional quality attribute. Instead of AHP, any hybrid MCDM algorithm can be used to get better results. Similarly, GA can be replaced with other evolutionary algorithms.

REFERENCES

[1] Abowd, Gregory, et al., (1997) 'Recommended Best Industrial Practice for Software Architecture Evaluation', No. CMU/SEI-96-TR-025. Carnegie-Mellon Univ Pittsburgh Pa Software Engineering Institute.

[2] Al-lawatiya, Ayat, and Santhosh John.(2015) 'Framework to Evaluate Quality of Object Oriented Design', International Journal of Innovation and Scientific Research.

[3] Allen, Julia H., et al., (2009) Software security engineering, Addison-Wesley Professional 2.3.

[4] Alshammari, B., Fidge, C., & Corney, D.(2009) 'Security metrics for object-oriented class designs', In Quality Software, pp. 11-20. [5] Alshammari, Bandar M., Colin J. Fidge, and Diane Corney.(2016),

'Developing Secure Systems: A Comparative Study of Existing Methodologies', Lecture Notes on Software Engineering 4.2 : 139. [6] Arvanitou, Elvira-Maria, et al., (2016), 'Software metrics fluctuation:

a property for assisting the metric selection process', Information and Software Technology, Volume 72, pp. 110-124.

[7] Bansiya, Jagdish, and Carl G. Davis. (2002), ' A hierarchical model for object-oriented design quality assessment.', Software Engineering, IEEE Transactions on 28, pp. 14-17.

[8] BozóKi, SáNdor, János Fülöp, and Lajos RóNyai.(2010), 'On optimal completion of incomplete pairwise comparison matrice', Mathematical and Computer Modelling 52.1, pp. 318-333.

[9] Briand, L., et al., (1998), 'A Comprehensive Investigation of Quality Factors in Object-Oriented Designs: An Industrial Case Study', Technical Report ISERN-98-29, International conference on Software Engineering, ACM.

[image:9.612.51.288.451.600.2]

(10)

International Journal of Emerging Technology and Advanced Engineering

412 [11] Chawla, Mandeep K., and Indu Chhabra., (2013), 'Capturing OO

Software Metrics to attain Quality Attributes–A case study', International Journal of Scientific & Engineering Research, Volume 4.6, pp. 359-363.

[12] Chen, Kun, et al.,(2015), 'Bridging the gap between missing and inconsistent values in eliciting preference from pairwise comparison matrices' Annals of Operations Research 235.1, pp. 155-175. [13] Chidamber, Shyam R., and Chris F. Kemerer.,(1994), 'A metrics

suite for object oriented design' IEEE Transactions on software engineering, Volume 20.6, pp. 476-493.

[14] Chidamber, Shyam R., and Chris F. Kemerer,(1991), 'Towards a metrics suite for object oriented design' ACM, p. Vol. 26. No. 11. [15] da Serra Costa, José Fabiano.(2011), 'A genetic algorithm to obtain

consistency in analytic hierarchy process', Brazilian Journal of Operational and Production Management 8.1, pp. 55-64.

[16] Dijkstra, Theo K.,(2013), 'On the extraction of weights from pairwise comparison matrices', Central European Journal of Operations Research, pp. 1-21.

[17] Ergu, Daji, et al.(2016), 'Estimating the missing values for the incomplete decision matrix and consistency optimization in emergency management', Applied Mathematical Modelling 40.1, pp. 254-267.

[18] Genero, Marcela, Mario Piattini, and Coral Calero.(2005), 'A survey of metrics for UML class diagrams', Journal of object technology 4.9, pp. 59-92.

[19] Gomez-Ruiz, Jose Antonio, Marcelo Karanik, and José Ignacio Peláez.(2010),'Estimation of missing judgments in AHP pairwise

matrices using a neural network-based model,' Applied Mathematics

and Computation 216.10, pp. 2959-2975.

[20] Ishizaka, Alessio, and Ashraf Labib.(2011), 'Review of the main developments in the analytic hierarchy process', Expert systems with applications 38.11, pp. 14336-14345.

[21] ISO(2011) Systems and software engineering---Systems and software Quality Requirements and Evaluation (SQuaRE)---System and software quality models., ISO/IEC 25010.

[22] Jouini, Mouna, Latifa Ben Arfa Rabai, and Ridha Khedri.(2015), 'A multidimensional approach towards a quantitative assessment of security threats', Procedia ComputerScience, Elseveier pp.: 507-514. [23] Karanik, Marcelo, et al.(2016), 'Reconstruction methods for AHP

pairwise matrices: How reliable are they?', Applied Mathematics and Computation, Volume 279, pp. 103-124.

[24] Khan, Muhammad Umair Ahmed, and Mohammed Zulkernine., (2009), 'On selecting appropriate development processes and requirements engineering methods for secure software.' Computer Software and Applications Conference, 2009. COMPSAC'09. 33rd Annual IEEE International.

[25] Li, Wei, and Sallie Henry(1993), 'Object-oriented metrics that predict maintainability', Journal of systems and software 23.2, pp. 111-122.

[26] Liu, Fang, Kui Dai, and Zhiying Wang.(2004), 'Applying multiple criteria decision making to improve security architecture development', Proceedings of the 3rd international conference on

information security. ACM, pp. 244-246.

[27] Lobato, Fabio, et al., (2015), 'Multi-objective genetic algorithm for missing data imputation', Pattern Recognition Letters, Volume 68, pp. 126-131.

[28] Lorenz, Mark, and Jeff Kidd,(1994), 'Object-oriented software metrics: a practical guide', Prentice-Hall, Inc..

[29] Lorenz, M. a. J. K., 1994. Object-oriented software metrics: a practical guide. Prentice-Hall, Inc..

[30] McCurley, James, Dave Zubrow, and Carol Dekkers.(2008), 'Measures and measurement for secure software development', Software Engineering Institute.

[31] Melo, Walcelio (1996), 'Evaluating the impact of object-oriented design on software quality', Software Metrics Symposium, Proceedings of the 3rd International. IEEE, 1996.

[32] Mitchell, Melanie.(1998), 'An introduction to genetic algorithms', MIT press.

[33] Mohammed, Nabil M., et al.,(2017), 'Exploring software security approaches in software development lifecycle: A systematic mapping study', Computer Standards & Interfaces, Volume 50, pp. 107-115.

[34] Plösch, Reinhold, et al.,(2016), 'A Framework for Measuring Object-Oriented Design Quality', Journal of Object Technology, Volume 15.4.

[35] Priya, R. Devi, and S. Kuppuswami.(2012), 'A genetic algorithm based approach for imputing missing discrete attribute values in databases', WSEAS Transactions on Information Science and Applications 9.6, pp. 169-178.

[36] Radatz, Jane, Anne Geraci, and Freny Katki.(1990), 'IEEE standard glossary of software engineering terminology', IEEE Std 610121990.121990, p. 3.

[37] Ryoo, Jungwoo, Rick Kazman, and Priya Anand.(2015), 'Architectural Analysis for Security', IEEE Security & Privacy, Volume 13.6, pp. 52-59.

[38] Saarela, Marko., 2016. "Measuring software security from the design of software.'.

[39] Saaty, Thomas L., and Luis G. Vargas.(2012), ' Models, methods, concepts & applications of the analytic hierarchy process' Vol. 175, Springer Science & Business Media.

[40] Sarıman, Guncel, and Ecir Ugur Kucuksille.(2016), 'A Novel Approach to Determine Software Security Level using Bayes Classifier via Static Code Metrics' , Elektronika ir Elektrotechnika 22.2, pp. 73-80.

[41] Savola, Reijo M.(2013), 'Quality of security metrics and measurements', Computers & Security, Issue 37, pp. 78-90. [42] Shatnawi, Raed, and Ahmad Alzu’bi.(2011), 'An Empirical

Verification of Software Artifacts Using Software Metrics', Proceedings of the International MultiConference of Engineers and Computer Scientists,vol 1.

[43] Sivanandam, S. N., and S. N. Deepa.(2007), 'Introduction to genetic algorithm', Springer Science & Business Media.

[44] Siveroni, Igor, Andrea Zisman, and George Spanoudakis.(2010), 'A UML-based static verification framework for security' Requirements engineering 15.1, pp. 95-118.

[45] Subramanyam, Ramanath, and Mayuram S. Krishnan.(2003), 'Empirical analysis of ck metrics for object-oriented design complexity: Implications for software defects', IEEE Transactions on software engineering 29.4, pp. 297-310.

[46] Subramanyam, R. a. M. S. K.(2003), 'Empirical analysis of ck metrics for object-oriented design complexity: Implications for software defects', IEEE Transactions on software engineering 29.4 , pp. 297-310.

(11)

International Journal of Emerging Technology and Advanced Engineering

413 [48] Tutz, Gerhard, and Shahla Ramzan.(2015), 'Improved methods for

the imputation of missing data by nearest neighbor methods', Computational Statistics & Data Analysis 90, pp. 84-99.

[49] Udaya D, and Vivekanandan K. (2016), 'An Empirical Evaluation

model for Software Architecture Maintainability for Object oriented Design', Proceedings of the International Conference on Informatics and Analytics. ACM.

[50] Wanderer, L., Karanik, M., & Carpintero, D.(2013), 'Genetic algorithms applied to inconsistent matrices correction in the analytic hierarchy process (AHP)', In Argentine Symposium on Artificial Intelligence,(Córdoba, Argentina, 2013),pp. 169-180.