Web Application Architecture Security Evaluation Method Based on AADL

In this paper, we propose an architecture security evaluation method to identify potential risks in an architecture. We model the security features of web applications from two different but complementary points of view using AADL, building an AADL security model that helps detect architectural risks. With the help of a tool, we automatically convert the AADL security model into an architecture security model. Then, an integration process applies the analytic hierarchy process (AHP) and fuzzy evaluation analysis to the architecture security model. In the end, we obtain security conclusions about the architecture and improve security measures based on those conclusions. The experiment demonstrates that the method not only improves the efficiency of the evaluation, but also makes the security evaluation process more objective and accurate.
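The AHP-plus-fuzzy-evaluation integration step the abstract describes, as an added illustration that is not the paper's own tool or code: AHP turns pairwise expert judgements on security criteria into weights and checks their consistency, then a fuzzy comprehensive evaluation combines those weights with per-criterion risk-grade memberships to reach a conclusion. The criteria, comparison matrix and membership values are constructed for the example.

```python
from math import prod

# Saaty's random consistency index by matrix order n (standard AHP table).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32}


def ahp_weights(matrix):
    """Priority vector of a pairwise comparison matrix (geometric-mean
    approximation of the principal eigenvector) and its consistency ratio.
    A CR above 0.1 means the expert judgements contradict each other."""
    n = len(matrix)
    geo = [prod(row) ** (1.0 / n) for row in matrix]
    weights = [g / sum(geo) for g in geo]
    # lambda_max estimated as the mean of (A w)_i / w_i
    aw = [sum(matrix[i][j] * weights[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / weights[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RANDOM_INDEX[n] if RANDOM_INDEX[n] else 0.0
    return weights, cr


def fuzzy_evaluate(weights, membership):
    """Fuzzy comprehensive evaluation B = W . R with the weighted-sum
    operator; the result is normalised so the grade memberships sum to 1."""
    b = [sum(w * row[g] for w, row in zip(weights, membership))
         for g in range(len(membership[0]))]
    return [x / sum(b) for x in b]


# Constructed example: three architecture security criteria, compared on
# Saaty's 1-9 scale (assumed expert judgements), and a membership matrix
# giving each criterion's degree of belonging to three risk grades.
CRITERIA = ["authentication", "input validation", "session management"]
COMPARISONS = [[1, 3, 2],
               [1 / 3, 1, 1 / 2],
               [1 / 2, 2, 1]]
GRADES = ["high risk", "medium risk", "low risk"]
MEMBERSHIP = [[0.2, 0.3, 0.5],   # authentication
              [0.6, 0.3, 0.1],   # input validation
              [0.1, 0.4, 0.5]]   # session management


def evaluate_architecture():
    """Run the integration step and return weights, CR, grade vector, verdict."""
    weights, cr = ahp_weights(COMPARISONS)
    if cr > 0.1:
        raise ValueError(f"inconsistent judgements, CR={cr:.3f}")
    b = fuzzy_evaluate(weights, MEMBERSHIP)
    verdict = GRADES[max(range(len(b)), key=b.__getitem__)]
    return weights, cr, b, verdict
```

The overall verdict follows the maximum-membership grade, but the weighted vector `b` still shows how much "high risk" mass the input validation criterion contributes, which is where remediation effort would go.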
