A Common Criteria Based Approach for COTS Component Selection
prachi chhabra2004, Journal of Object Technology
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Component-based software engineering (CBSE) endeavors to enable software developers to develop quality software systems with less time and resources than traditional development approaches. Software components must be identified and evaluated in order to determine if they provide required functionality for systems being developed. Consideration of security requirements for component selection is of interest. This research considers how the Common Criteria
Related papers
COTS Evaluation & Selection Process in Design of Component based Software System: An Overview and Future Direction
Global journal of computer science and technology, 2015
This article presents an extensive literature review of the empirical studies carried out in past for evaluation and selection of components during the design phase of Component Based Software Systems (CBSS). In CBSS approach the software systems can be developed by selecting appropriate components which then are assembled to form a complete software system. These Components can be either of the two (a) COTS (Commercial-off-the-Shelf) components or (b) Inhouse built components. These components are selected based on different parameters of cost, reliability, delivery time etc. Therefore, optimal selection of the components plays a vital role in development of CBSS as it saves time and effort. Related articles appearing in the International Journals from 1992 to 2014 are gathered and are critically analyzed. Based on the review it is seen that some of the important issues have not been explored fully. Hence there is scope of improvement which paves the path for future work.
Component Selection for Component Based Software Engineering
International Journal of Computer Applications, 2010
Component selection is not an easy task in Component Based Software Engineering .and it is very difficult to select component for CBSE. Component Based Software Engineering (CBSE) is a concerned with the assembly of pre-existing software components that leads to a software system that responds to client-specific requirements. This paper presents an approach for defining evaluation criteria for reusable software components. We introduce taxonomy of factors that influence selection, describe each of them, and present a hierarchical decomposition method for deriving reuse goals from factors and formulating the goals into an evaluation criteria hierarchy. It also presents a summary of the common problems in reusable off-the-shelf software selection, describes the method .It also indicates that the evaluated aspects of the method are feasible, improve the quality and efficiency of reusable software selection. In this paper the selection of component is done on the basis of the cost of the component which is calculated on the basis of the quality attributes of the component. The approach used for selecting the component is a part of OTSO method that has been developed for reusable component selection process.
An Empirical Study to Compare Three Methods for Selecting Cots Software Components
2008
Component Based Software Developers are faced with the challenge of selecting appropriate Commercial Off-The-Shelf (COTS) products, because the marketplace is characterized by a variety of products and product claims, extreme quality and capability differences between products, and many products incompatibilities. Although a multiplicity of COTS selection method have been proposed in literature, most developer still select COTS products using ad hoc methods. One of the main reason being, COTS selection method do not provide all or most of the required support and guidance required for carrying out the COTS selection process. Moreover, literature on COTS selection methods rarely mentions the limitations of the methods. Therefore, we carried out an empirical study to compare three COTS selection methods; the process and results of the study are presented in this paper. The main objective of the study was to point out the differences between the COTS selection methods, that is if any existed, and to determine the ability of each of the methods to provide adequate COTS selection support and guidance. The ability of a method to provide adequate COTS selection support and guidance was measured in terms of the user satisfaction and confidence in the selection process, as well as in the results of the process.
Assessing security properties of software components: A software engineer's perspective
Proceedings of the Australian Software Engineering Conference, ASWEC, 2006
The paper proposes an assessment scheme for the security properties of software components. The proposed scheme consists of three stages: (i) a system-specific security requirement specification of the enclosing application; (ii) a component-specific security rating; and (iii) an evaluation method for the scored security properties of the candidate component. The assessment scheme ultimately provides a numeric score indicating a relative strength of the security properties of the candidate component. The scheme is partially based on ISO/IEC 15408, the Common Criteria for Information Technology Security Evaluation (CC) and the Multi-Element Component Comparison and Analysis (MECCA) model. The scheme is flexible enough for software engineers to use in order to get a first-hand preliminary assessment of the security posture of candidate components.
IROTS: A Proposed COTS Evaluation a Selection Methodology for Component Based Software Engineering in Under-Development Countries
Proceedings of the 2nd International Conference on Advances in Computer Science and Engineering, 2013
Component Based Software Engineering (CBSE) methodology deals with software systems by evaluation and selection of appropriate components. CBSE offers software developers a compact software development life cycle, reduce development times, cost effective and less strenuous efforts. In under development countries (UDCs) most of the IT developers are unaware about the COTS evaluation and selection methodology for component-based software engineering. The objective of this research work is to facilitate the IT Professionals for the selection of the best COTS component on the basis of software quality model ISO/IEC 25010. The proposed Idealize Recommendation Off-The-Shelf (IROTS) method will facilitate the IT developers for selection of COTS components on basis of software quality model ISO/IEC 25010. This optimized components evaluation and selection technique that brings the best software in market which will fulfill the stakeholders' requirements.
Software Component Quality Evaluation
2014
Component-Based Software Engineering (CBSE) provides for developers the ability to easily reuse and assemble software entities to build complex software. It is based on the composition of prefabricated software entities called components. In this context, the selection step is very important. It consists of searching and selecting appropriate software components from a set of candidate components in order to satisfy the developer-specific requirements. In the selection process, both functional and non- functional requirements are generally considered. In this paper we present a method enabling the evaluation of software components quality. This method allows us choosing the best component in term of non-functional needs.
Component Based Software Engineering
International Journal of Computer Applications, 2010
Traditional software estimation models are directed towards large monolithic software development projects. Contemporary software development practices require a new approach to software cost estimation. Contemporary development practices characterize a software application as interacting, independent components. Component-based development offers many potential benefits such as a greater reuse. Component based software development approach is based on the idea to develop software systems by selecting appropriate off-the shelf components and then to assemble them with a welldefined software architecture. Software community faces a major challenge that is raised by fast growing demand for rapid and cost-effective development and maintenance of large scale and complex software systems. To overcome the challenge, the new trend is to adopt component based software engineering (CBSE).The key difference between CBSE and traditional software engineering is that CBSE views a software system as a set of off-the-shelf components integrated within appropriate software architecture. CBSE promotes large-scale reuse, as it focuses on building software on building software systems by assembling off-the-shelf components rather than implementing the entire system from scratch. CBSE also emphasis on selection and creation of software architecture that allow systems to achieve their quality requirements .As a result, CBSE has introduced fundamental changes in software development and maintenance.
An Elite Model for COTS Component Selection Process
—Component-based software development (CBD) promises development of high-quality trustworthy software systems within specified budget and deadline. The selection of the most appropriate component based on specific requirement plays a vital role for high-quality software product. Multi-Agent software (MAS) engineering approach played a crucial role for selection of the most appropriate component based on a specific requirement in a distributed environment. In this paper, multi agent technique is used for component selection. A semi-automated solution to COTS component selection is proposed. It is evident from the result that (MAS) plays an essential role and is suitable for component selection in a distributed environment keeping in view of the system design and testing strategies.
Requirements for a COTS software component: A case study
Requirements Engineering, 1998
The goal of the GUARDS project is to design and develop a generic fault-tolerant computer architecture that can be built from predefined standardised components. The architecture favours the use of commercial off-the-shelf (COTS) hardware and software components. However, the assessment and selection of COTS components is a non-trivial task as it requires balancing a myriad of requirements from end-users and the preliminary architecture design. In this paper, we present the requirements and assessment criteria for a specific COTS software component, the operating system kernel. As an interface specification constitutes a major compatibility criterion for the selection of COTS components in GUARDS, a particular emphasis is placed on operating system conformance to the POSIX 1003.1 standard. We discuss the general lessons learned from the assessment process and raise a number of questions relevant to the assessment of any COTS software component.
Quality Attributes for COTS Components
2002
As Component-based Software Development (CBSD) starts to be effectively used, some software vendors have commenced to successfully sell and license commercial off-the-shelf (COTS) components. One of the most critical processes in CBSD is the selection of the COTS components that meet the user requirements. Current proposals have shown how to deal with the functional aspects of this evaluation process. However, there is a lack of appropriate quality models that allow an effective assessment of COTS components. Besides, the international standards that address the software products' quality issues (in particular, those from ISO and IEEE) have shown to be too general for dealing with the specific characteristics of software components. In this position paper we propose a quality model for CBSD based on ISO 9126, that defines a set of quality attributes and their associated metrics for the effective evaluation of COTS components.
Related papers
Efficiently managing security concerns in component based system design
29th Annual International Computer Software and Applications Conference (COMPSAC'05), 2005
Component-based software development (CBSD) offers many advantages like reduced product time to market, reduced complexity and cost etc. Despite these advantages its wide scale utilization in developing security critical systems is currently hampered because of lack of suitable design techniques to efficiently manage the complete system security concerns in the development process. The use of Commercial of the Shelf (COTS) components can introduce various security and reliability risks in the system. In this paper we propose a methodology for efficient management of all the system security concerns involved in the design of component based systems. Our methodology is based on formally representing the system security specifications and component capabilities. We identify the metrics for correlating both and suggest extensions to a previously proposed software development process, for selection of suitable components and integration mechanisms. The proposed solution ensures due treatment of all the security concerns for the complete system in the acquisition efforts.
Analysis and Evaluating Security of Component-Based Software Development: A Security Metrics Framework
International Journal of Computer Network and Information Security, 2012
Evaluating the security of software systems is a complex problem for the research communities due to the multifaceted and complex operational environment of the system involved. Many efforts towards the secure system development methodologies like secSDLC by Microsoft have been made but the measurement scale on which the security can be measured got least success. As with a shift in the nature of software development from standalone applications to distributed environment where there are a number of potential adversaries and threats present, security has been outlined and incorporated at the architectural level of the system and so is the need to evaluate and measure the level of security achieved. In this paper we present a framework for security evaluation at the design and architectural phase of the system development. We have outlined the security objectives based on the security requirements of the system and analyzed the behavior of various software architectures styles. As the component-based development (CBD) is an important and widely used model to develop new large scale software due to various benefits like increased reuse, reduce time to market and cost. Our emphasis is on CBD and we have proposed a framework for the security evaluation of Component based software design and derived the security metrics for the main three pillars of security, confidentiality, integrity and availability based on the component composition, dependency and inter component data/information flow. The proposed framework and derived metrics are flexible enough, in way that the system developer can modify the metrics according to the situation and are applicable both at the development phases and as well as after development.
Unsolved Tricky Issues on COTS Selection and Evaluation
Global journal of computer science and technology, 2012
Component Based Software Engineering (CBSE) approach is based on the idea to develop software systems by selecting appropriate components and then to assemble them with a well-defined software architecture. (CBSE) offers developers the twin benefits of reduced software life cycles, shorter development times , saving cost and less effort as compare to build own component. However the success of the component based paradigm depends on the quality of the commercial off-the-shelf (COTS) components purchased and integrated into the existing software systems. It is need of the time to present a quality model that can be used by software programmer to evaluate the quality of software components before integrating them into legacy systems. The evaluation and selection of the COTS components are the most critical process. These evaluation and selection method cannot be resolved by the IT professionals itself. In this study the author tried to compare the twenty three available systematic met...
A Component Selection Framework for COTS Libraries
Lecture Notes in Computer Science, 2008
Component-based software engineering proposes building complex applications from COTS (Commercial Off-The-Shelf) organized into component markets. Therefore, the main development effort is required in selection of the components that fit the specific needs of an application. In this article, we propose a mechanism allowing the automatic selection of a component among a set of candidate COTS, according to functional and non-functional properties. This mechanism has been validated on an example using the ComponentSource component market.
Matching, Ranking, and Selecting Components: A COTS-Aware Requirements Engineering and Software Architecting Approach
At the heart of a well-disciplined, systematic methodology that explicitly supports the use of commercial off-the-shelf (COTS) components is a clearly defined process for effectively using components that meet the needs of the system under development. In this paper, we present the CARE/SA approach that supports the iterative matching, ranking, and selection of COTS components. The components are represented as an aggregate of its functional and non-functional requirements and architecture.
Component selection in Software Engineering -Which attributes are the most important in the decision process
— Component-based software engineering is a common approach to develop and evolve contemporary software systems where different component sourcing options are available: 1) Software developed internally (in-house), 2) Software developed outsourced, 3) Commercial of the shelf software, and 4) Open Source Software. However, there is little available research on what attributes of a component are the most important when selecting new components. The object of the present study is to investigate what matters the most to industry practitioners during component selection. We conducted a cross-domain anonymous survey with industry practitioners involved in component selection. First, the practitioners selected the most important attributes from a list. Next, they prioritized their selection using the Hundred-Dollar ($100) test. We analyzed the results using Compositional Data Analysis. The descriptive results showed that Cost was clearly considered the most important attribute during the component selection. Other important attributes for the practitioners were: Support of the component, Longevity prediction, and Level of off-the-shelf fit to product. Next an exploratory analysis was conducted based on the practitioners' inherent characteristics. Nonparametric tests and biplots were used. It seems that smaller organizations and more immature products focus on different attributes than bigger organizations and mature products which focus more on Cost.
COTS Software Selection: The Need to make Tradeoffs between System Requirements, Architectures and COTS/Components
COTS workshop. Continuing Collaborations for …, 2000
This short paper presents a new research agenda to address problems of COTS software selection in the forthcoming decade. It describes the increasing shift towards software engineering based on COTS software packages, the limitations of current COTS/component-based software engineering methods and research efforts, and proposes a new research agenda to address the problems which arise from a software engineering process based on the reuse of COTS software and software components. The focus of the proposed research is how can we develop complex software systems by integrating together different combinations of COTS software packages and software components.
Selecting the COTS Components Using Ad-hoc Approach
International Journal of Wireless and Microwave Technologies, 2017
This paper presents the current scenario of our software industry which is deploying CBSE approach to construct high quality deliverable software products at shorter time to market. As both Vendor-specific and OSS COTS components are equally popular now-a-days. Hence, the availability of a wide range of COTS components in market is quite high. To select the best suitable candidate among the various available components, various formal methods and techniques like OTSO have been introduced by researchers. In this paper, COTS based software development & SDLC under CBSE tradition are discussed. Along with this discussion, it uncovers the fact that our software developers are applying Ad-hoc techniques as per their taste for making the selection of the most appropriate components for their projects rather than following the formal methods. Through this paper, various possible reasons behind the 'Not-so-In-Use' nature of these formal methods are being reported.
Analytical Study of Component Based Software Engineering
Zenodo (CERN European Organization for Nuclear Research), 2009
This paper is a survey of current component-based software technologies and the description of promotion and inhibition factors in CBSE. The features that software components inherit are also discussed. Quality Assurance issues in componentbased software are also catered to. The feat research on the quality model of component based system starts with the study of what the components are, CBSE, its development life cycle and the pro & cons of CBSE. Various attributes are studied and compared keeping in view the study of various existing models for general systems and CBS. When illustrating the quality of a software component an apt set of quality attributes for the description of the system (or components) should be selected. Finally, the research issues that can be extended are tabularized.
Risk Reduction Activities Identification in Software Component Integration for Component Based Software Development (CBSD)
International Journal of Modern Education and Computer Science
In the modern era, the ideas related to software developments are totally replaced the old traditional software development to CBSD. CBSD is the approach that can provide reusability of components to develop new software under minimum chances of risks. Beyond the CBSD features, there are still some significant risks overall the development phase. Generally, the quality of a developed software is depending upon the component integration phase. Nevertheless, component integration phase plays a tremendous role in the success of CBSD that leads to develop new risk free software. The objective of this research was to identify all the risks in CBSD and applied risk reduction activities to mitigate these risks. On the basis of the literature survey, categorized the risks into different categories. For this, an online questionnaire was performed to identify the risks and the risk reduction activities. 85% results point out that CBSD approach is the best approach as compared to the traditional approach. 80% results show that it performs the risk reduction activities, then the quality of the product improves. However, it is a step towards the mitigation of the vulnerabilities and reducing the cost of maintenance.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.