Software security metrics are commonly considered as one critical component of science of security. We propose to investigate existing metrics and new security metrics to predict which code locations are likely to contain vulnerabilities. In particular, we will investigate security metrics to take into account of comprehensive factors such as software internal attributes, developers who develop the software, attackers who attack the software, and users who use the software. The project also investigates metrics to evaluate firewall security objectively.  The developed metrics including risk, usability and cost are used to automate the creation of security architecture and configurations.

TEAM

PIs: Tao Xie, Laurie Williams, & Ehab S. Al-Shaer (UNC-Charlotte)
Students: Jason King, Rahul Pandita, & Mahamed Alsaleh