Measuring the interplay of security principles in software architectures

Security principles like least privilege and attack surface reduction play an important role in the architectural phase of security engineering processes. However, the interplay between these principles, and the side effects that applying these secure design strategies has on architectural qualities such as maintainability, have not been studied so far. Therefore, it is hard to make informed trade-off decisions between security principles, and between security and other qualities. This paper tackles this problem from a quantitative perspective by presenting experimental results in the context of three case studies.
