Automated software architecture security risk analysis using formalized signatures

Reviewing a software system's architecture to pinpoint potential security flaws before development proceeds is a critical milestone in a secure software development lifecycle. This includes identifying possible attacks or threat scenarios that target the system and could breach its security. Additionally, the strength of the system and its security architecture can be assessed using well-known security metrics such as attack surface, compartmentalization and least privilege. However, existing efforts are limited to specific, predefined security properties or scenarios that are checked either manually or with limited toolsets. We introduce a new approach to support architecture security analysis using security scenarios and metrics. Our approach is based on formalizing the signatures of attack scenarios and security metrics using the Object Constraint Language (OCL). Using these formal signatures we analyse a target system to locate signature matches (for attack scenarios) or to take measurements (for security metrics). New scenarios and metrics can be incorporated and evaluated provided that a formal signature can be specified for them. Our approach supports defining security metrics and scenarios at the architecture, design and code levels. We have developed a prototype software system architecture security analysis tool. To the best of our knowledge this is the first extensible architecture security risk analysis tool that supports both metric-based and scenario-based architecture security analysis. We have validated our approach by using it to capture and evaluate signatures derived from the NIST security engineering principles and from attack scenarios defined in the CAPEC database.
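The following is an added example, not the paper's tool or any of its signatures: it shows the shape of signature-based architecture analysis described above, with one metric signature (attack surface), one attack-scenario signature (untrusted input reaching a data store with no validating component on the path) and one NIST-principle signature (least privilege), all evaluated against a small constructed component model. The OCL-style text in the comments is our own paraphrase of how such a signature might read; the signatures are implemented as Python predicates over a hypothetical `System`/`Component` model rather than as OCL evaluated by an OCL engine over a UML model, which is what the paper's approach uses.

```python
# Added example (not the paper's tool): signature-style security checks evaluated
# against an architecture model. The model, the signatures and the sample
# architecture are all constructed here for illustration; the OCL-style text in
# comments is our own paraphrase, not a signature from the paper.
import copy
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class Component:
    name: str
    zone: str                      # "external" (reachable by untrusted users), "dmz" or "internal"
    privilege: str = "user"        # "user" or "admin"
    entry_points: int = 0          # network-reachable operations this component exposes
    validates_input: bool = False  # performs input validation on what it forwards
    is_store: bool = False         # holds persistent data
    calls: List[str] = field(default_factory=list)  # names of components it invokes


@dataclass
class System:
    components: Dict[str, Component]

    def simple_paths(self, start: str, goal: str, path=()):
        """Yield every cycle-free call path from start to goal."""
        path = path + (start,)
        if start == goal:
            yield list(path)
            return
        for nxt in self.components[start].calls:
            if nxt not in path:
                yield from self.simple_paths(nxt, goal, path)


# Registry of signatures: a metric signature returns a measurement, a scenario
# or principle signature returns the matches (violations) it found.
SIGNATURES: Dict[str, Callable[[System], object]] = {}


def signature(name: str):
    def register(fn):
        SIGNATURES[name] = fn
        return fn
    return register


@signature("metric:attack_surface")
def attack_surface(system: System) -> int:
    # OCL-style paraphrase: components->select(zone = 'external').entryPoints->sum()
    return sum(c.entry_points for c in system.components.values() if c.zone == "external")


@signature("scenario:unvalidated_input_to_store")
def unvalidated_input_to_store(system: System) -> List[List[str]]:
    # OCL-style paraphrase: there exists a call path from an external component to a
    # data store on which no component validates input
    comps = system.components.values()
    externals = [c.name for c in comps if c.zone == "external"]
    stores = [c.name for c in comps if c.is_store]
    hits = []
    for src in externals:
        for dst in stores:
            for path in system.simple_paths(src, dst):
                if not any(system.components[n].validates_input for n in path):
                    hits.append(path)
    return hits


@signature("principle:least_privilege")
def least_privilege_violations(system: System) -> List[str]:
    # OCL-style paraphrase: components->select(zone = 'external' and privilege = 'admin')
    return [c.name for c in system.components.values()
            if c.zone == "external" and c.privilege == "admin"]


def analyse(system: System) -> Dict[str, object]:
    """Evaluate every registered signature against the model."""
    return {name: fn(system) for name, fn in SIGNATURES.items()}


def build_sample_system() -> System:
    """Constructed sample: a web front end behind a validating API, plus a
    legacy upload service that runs as admin and talks to the database directly."""
    comps = [
        Component("web", "external", entry_points=5, calls=["api"]),
        Component("api", "dmz", validates_input=True, calls=["db"]),
        Component("legacy_upload", "external", privilege="admin", entry_points=2, calls=["db"]),
        Component("db", "internal", privilege="admin", is_store=True),
    ]
    return System({c.name: c for c in comps})


def harden(system: System) -> System:
    """Remediation for the sample: route the legacy service through the validating
    API and drop its privilege. Returns a modified copy; the original is untouched."""
    fixed = copy.deepcopy(system)
    legacy = fixed.components["legacy_upload"]
    legacy.calls = ["api"]
    legacy.privilege = "user"
    return fixed


if __name__ == "__main__":
    for label, model in (("before", build_sample_system()), ("after", harden(build_sample_system()))):
        for name, result in analyse(model).items():
            print(f"{label:6} {name:40} {result}")
```

Adding a new scenario or metric is a matter of registering another predicate; nothing in `analyse` changes. Note that the remediation leaves the attack surface metric unchanged (the same entry points are still exposed) while clearing both the scenario match and the least-privilege violation, which is why the paper argues for running metric and scenario signatures side by side rather than relying on either alone.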
