
This is an Open Access publication published under CSC-OpenAccess Policy.
Software Reliability and Quality Assurance Challenges in Cyber Physical Systems Security
Abel Yeboah-Ofori
Pages - 115 - 130     |    Revised - 31-07-2020     |    Published - 31-08-2020
Volume - 14   Issue - 3    |    Publication Date - August 2020
Software Reliability, Secure Tropos, I*, Cyber Physical Systems, Function Point Analysis.
Software Reliability is the probability of failure-free software operation for a specified period of time in a specified environment. Cyber threats to software security have been prevalent and have increased exponentially, posing a major challenge to software reliability in the cyber physical systems (CPS) environment. Applying patches after the software has been developed is outdated and a major security flaw. However, this has posed a major software reliability challenge, as threat actors are exploiting unpatched and insecure software configuration vulnerabilities that are not identified at the design phase. This paper aims to investigate the SDLC approach to software reliability and quality assurance challenges in CPS security. To demonstrate the applicability of our work, we review existing security requirements engineering concepts and methodologies such as Tropos, I*, KAOS and Secure Tropos to determine their relevance in software security. We consider how the methodologies and function points are used to implement constraints to improve software reliability. Finally, the function point concepts are implemented into the CPS security components. The results show that software security threats in CPS can be addressed by integrating the SRE approach and function point analysis in the development to improve software reliability.
Dr. Abel Yeboah-Ofori
School of Architecture, Computing & Engineering, University of East London, London, E16 2GA - United Kingdom