Moving from Requirements to Design Confronting Security Issues: A Case Study
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
Context-aware privacy design pattern selection
TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
Applicability of security patterns
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Automated software architecture security risk analysis using formalized signatures
Proceedings of the 2013 International Conference on Software Engineering
| Hi-index | 0.00 |
The importance of software security has been profound, since most attacks to software systems are based on vulnerabilities caused by poorly designed and developed software. Furthermore, the enforcement of security in software systems at the design phase can reduce the high cost and effort associated with the introduction of security during implementation. For this purpose, security patterns that offer security at the architectural level have been proposed in analogy to the well known design patterns. The main goal of this paper is to perform risk analysis of software systems based on the security patterns they contain. The first step is to determine to what extent specific security patterns shield from known attacks. This information is fed to a mathematical model based on fuzzy set theory and fuzzy fault trees in order to compute the risk for each category of attacks. The whole process has been automated using a methodology that extracts the risk of a software system by reading the class diagram of the system under study.