Applying Security Risk Analysis to a Service-Based System
نویسندگان
چکیده
Risk analysis is the only effective way of making value judgments about the need for security. Established analysis methods apply to whole operational systems, taking a necessarily holistic view of security, but this makes them difficult to integrate into the design process for service-based applications, where design and implementation is independent of operational deployment. However, the most costly mistakes occur early in the development lifecycle, and effective security can be difficult to retrofit, motivating the need for early security analysis. This paper describes SeDAn (Security Design Analysis), a security risk analysis framework that is adapted for use in the design phase of service-based systems, and its application to a significant grid-based application (DAME). The complete lifecycle of the risk analysis is described, and the effectiveness of the process in identifying design defects validates both the need for, and the effectiveness of, this type of analysis.
منابع مشابه
A Lightweight Intrusion Detection System Based on Specifications to Improve Security in Wireless Sensor Networks
Due to the prevalence of Wireless Sensor Networks (WSNs) in the many mission-critical applications such as military areas, security has been considered as one of the essential parameters in Quality of Service (QoS), and Intrusion Detection System (IDS) is considered as a fundamental requirement for security in these networks. This paper presents a lightweight Intrusion Detection System to prote...
متن کاملMapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
متن کاملRisk Analysis and Economic Load Dispatch Evaluation of Network with High Wind Power Penetration
This study based on investigation for integration wind power into conventional power system with its impact on fossil fuel generators and their generation management. Wind power as environmental friendly energy source can reduce the operational cost of the system due to considering no cost for energizing the generator in comparing with fossil fuel generators. However due to unpredictable nature...
متن کاملIdentifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
متن کاملDetecting Denial of Service Message Flooding Attacks in SIP based Services
Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation deficiencies cause some security concerns in SIP based infra...
متن کامل