Sciweavers

Share
APSCC
2008
IEEE

A Service-Oriented Framework for Quantitative Security Analysis of Software Architectures

8 years 9 months ago
A Service-Oriented Framework for Quantitative Security Analysis of Software Architectures
Software systems today often run in malicious environments in which attacks or intrusions are quite common. This situation has brought security concerns into the development of software systems. Generally, software services are expected not only to satisfy functional requirements but also to be resistant to malicious attacks. Software attackability is defined as the likelihood that an attack on a software system will succeed. In this paper, we present a service-oriented framework to analyze attackability of software systems. More specifically, we propose a User System Interaction Effect (USIE) model that can be used systematically to derive and analyze security concerns from service-oriented software architectures. Many aspects of the model derivation and analysis can be automated, which limit the amount of user involvement, and thereby reduce the subjectivity underlying typical security risk analysis process. The model can be used as a foundation for quantitative analysis of software...
Yanguo Liu, Issa Traoré, Alexander M. Hoole
Added 29 May 2010
Updated 29 May 2010
Type Conference
Year 2008
Where APSCC
Authors Yanguo Liu, Issa Traoré, Alexander M. Hoole
Comments (0)
books