Paper Info
Title
Architectural Risk Analysis of Software Systems Based on Security Patterns
Abstract
The importance of software security has been profound, since most attacks to software systems are based on vulnerabilities caused by poorly designed and developed software. Furthermore, the enforcement of security in software systems at the design phase can reduce the high cost and effort associated with the introduction of security during implementation. For this purpose, security patterns that offer security at the architectural level have been proposed in analogy to the well-known design patterns. The main goal of this paper is to perform risk analysis of software systems based on the security patterns that they contain. The first step is to determine to what extent specific security patterns shield from known attacks. This information is fed to a mathematical model based on the fuzzy-set theory and fuzzy fault trees in order to compute the risk for each category of attacks. The whole process has been automated using a methodology that extracts the risk of a software system by reading the class diagram of the system under study.
Year
DOI
Venue
2008
10.1109/TDSC.2007.70240
Dependable and Secure Computing, IEEE Transactions
Keywords
Field
DocType
object-oriented methods,risk analysis,security of data,software architecture,architectural risk analysis,design patterns,fuzzy fault trees,fuzzy set theory,security patterns,software systems,Patterns,Risk management,Security,Software Architectures
Data mining,Security testing,Security through obscurity,Software engineering,Security engineering,Computer science,Software security assurance,Security bug,Security information and event management,Architectural pattern,Computer security model,Distributed computing
Journal
Volume
Issue
ISSN
5
3
1545-5971
Citations 
PageRank 
References 
23
0.78
15
Authors
4
Name
Order
Citations
PageRank
Spyros T. Halkidis128310.95
Nikolaos Tsantalis274332.14
Alexander Chatzigeorgiou379060.13
george stephanides431123.44