Title: Security Risk Assessment of Software Architecture
Authors: Hassouneh, Yousef; Ammar, Hany
Keywords: Computer software - Development; Information technology - Security measures; Information security
Issue Date: 2011
Abstract: Security risk assessment is considered a significant and indispensable process in all phases of the software development life cycle, and most importantly in the early phases. Estimating the security risk should be integrated with the other parts of product development; this helps developers and engineers determine the risky elements in the software system and reduce the consequences of failure in that software. This is done by building models based on the data collected in the early development cycles. These models help identify the high security risk elements. In this paper, we introduce a new methodology, used at the early phases, based on the Unified Modeling Language (UML), attack graphs, and other factors. We estimate the probability and severity of security failure for each element in the software architecture based on UML, the attack graph, data sensitivity analysis, access rights, and the reachability matrix. Then risk factors are computed. An e-commerce case study is investigated as an example.
Index Terms: Attack Graph, Probability of security failure, Security risk factor, Severity of security failure, Software Architecture.
Appears in Collections: Fulltext Publications

Files in This Item:
File: Security_Risk_Assessment_of_Software_Architecture.pdf
Size: 1.15 MB
Format: Adobe PDF

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.