Quantitative security analysis for service-oriented software architectures

Author: Michael Yanguo Liu

DOI:

Keywords:

Abstract: Due to the dramatic increase in intrusion activities, the definition and evaluation of software security requirements have become important aspects of the development of software services. It is now a well-accepted fact in software engineering that security concerns, like any other quality concerns, should be dealt with in the early stages of the development process. Current practices for architecture risk analysis, however, still rely heavily on human expertise. This involves a significant amount of subjective effort, creating a greater potential for inaccuracies. In this dissertation, we propose a framework for the quantitative security analysis of service-oriented systems. In this regard, two contributions are made in the dissertation. First, we identify and define some internal attributes related to security properties based on a generic model, setting up formal definitions for the corresponding metrics. Second, a measurement abstraction paradigm named the User System Interaction Effect (USIE) model can be used to systematically derive and analyze security concerns from architectures. Many steps of the derivation can be automated, which limits user involvement and, thereby, reduces the subjectivity underlying typical analyses. The USIE model serves as a foundation for analyzing services from different perspectives with respect to the security concerns introduced. Based on sample metrics derived from the framework, we illustrate empirically the viability of our approach by conducting case studies on existing open source software.
