Measuring the interplay of security principles in software architectures

Authors:
Koen Buyens;Riccardo Scandariato;Wouter Joosen
Affiliations:
IBBT-Distrinet, Katholieke Universiteit Leuven, Leuven, Belgium;IBBT-Distrinet, Katholieke Universiteit Leuven, Leuven, Belgium;IBBT-Distrinet, Katholieke Universiteit Leuven, Leuven, Belgium
Venue:
ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
Year:
2009

Citing 16
Cited 1

Software metrics (2nd ed.): a rigorous and practical approach

Software metrics (2nd ed.): a rigorous and practical approach
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Agile Software Development: Principles, Patterns, and Practices

Agile Software Development: Principles, Patterns, and Practices
An Empirically-Based Process for Software Architecture Evaluation

Empirical Software Engineering
Software Architecture Transformations

ICSM '00 Proceedings of the International Conference on Software Maintenance (ICSM'00)
A Survey of Software Refactoring

IEEE Transactions on Software Engineering
Towards a measuring framework for security properties of software

Proceedings of the 2nd ACM workshop on Quality of protection
Security Metrics: Replacing Fear, Uncertainty, and Doubt

Security Metrics: Replacing Fear, Uncertainty, and Doubt
ArchStudio 4: An Architecture-Based Meta-Modeling Environment

ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Privtrans: automatically partitioning programs for privilege separation

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Process Activities Supporting Security Principles

COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 02
Some thoughts on security after ten years of qmail 1.0

Proceedings of the 2007 ACM workshop on Computer security architecture
Rubacon: automated support for model-based compliance engineering

Proceedings of the 30th international conference on Software engineering
Resolving least privilege violations in software architectures

IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
Tool-supported development with Tropos: the conference management system case study

AOSE'07 Proceedings of the 8th international conference on Agent-oriented software engineering VIII
Secure Systems Development with UML

Secure Systems Development with UML

Software quality trade-offs: A systematic map

Information and Software Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security principles like least privilege and attack surface reduction play an important role in the architectural phase of security engineering processes. However, the interplay between these principles and the side effects of the application of these secure design strategies on architectural qualities like maintainability have not been studied so far. Therefore it is hard to make informed trade-off decisions between security principles and between security and other qualities. This paper tackles this problem from a quantitative perspective by presenting the experimental results in the context of three case studies.