Security Risk Assessment of Software Architecture, Methodology and Validation
نویسندگان
چکیده
Security risk assessment is considered a significant and indispensable process in all phases of software development lifecycles, and most importantly at the early phases. Estimating the security risk should be integrated with the other product developments parts and this will help developers and engineers determine the risky elements in the software system, and reduce the failure consequences in that software. This is done by building models based on the data collected at the early development cycles. These models will help identify the high risky elements. In this paper, we introduce a new methodology used at the early phases based on the Unified Modeling Language (UML), Attack graph, and other factors. We estimate the probability and severity of security failure for each element in software architecture based on UML, attack graph, data sensitivity analysis, access rights, and reachability matrix. Then risk factors are computed and validation studies are conducted. An e-commerce case study is investigated as an example.
منابع مشابه
Mapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
متن کاملSecurity-Based Risk Assessment for Software Architecture
Security-based Risk Assessment for Software Architecture
متن کاملTowards Test-Driven and Architecture Model-Based Security and Resilience Engineering
The quality of software systems depends strongly on their architecture. For this reason, taking into account non-functional requirements at architecture level is crucial for the success of the software development process. Early architecture model validation facilitates the detection and correction of design errors. In this research, the authors are interested in security critical systems, whic...
متن کاملTowards Automatic Security Scenario Generation
Software security has become a crucial component of any software system in today’s market. However, the development of secure software is still a maturing process. Software architecture (SA) assessment methods have gained increasing attention in recent years. Most of these evaluation techniques are scenario-based, and thus depend heavily on the quality of the scenarios selected for their evalua...
متن کاملA risk model for cloud processes
Traditionally, risk assessment consists of evaluating the probability of "feared events", corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to lack of historical data on attacks, which has prevented frequency-based identification...
متن کامل