Due to the dramatic increase in intrusion activities, the definition and evaluation of
software security requirements have become important aspects of the development of
software services. It is now a well-accepted fact in software engineering that security
concerns, like any other quality concerns, should be dealt with in the early stages of
software development process. Current practices for software security architecture risk
analysis, however, still heavily rely on human expertise. This involves a significant
amount of subjective efforts creating a greater potential for inaccuracies. In this
dissertation, we propose a framework for quantitative security architecture analysis for
service-oriented software systems. In this regard two important contributions are made in
the dissertation. First, we identify and define some internal security attributes and related
properties based on a generic service-oriented software model, setting up a framework for
the definition and formal evaluation of corresponding security metrics. Second, we
propose a measurement abstraction paradigm named User System Interaction Effect
(USIE) model that can be used to systematically derive and analyze security concerns
from service-oriented software architectures. Many aspects of the model derivation and
analysis can be automated, which limit the amount of user involvement and, thereby,
reduce the subjectivity underlying typical security analysis process. The model can be
used as a foundation for quantitative analysis of software services from different security
perspectives with respect to the internal security properties introduced. Based on sample
metrics derived from the framework, we illustrate empirically the viability of our
paradigm by conducting case studies based on existing open source software.
Identifer | oai:union.ndltd.org:uvic.ca/oai:dspace.library.uvic.ca:1828/895 |
Date | 24 April 2008 |
Creators | Liu, Yanguo(Michael) |
Contributors | Traore, Issa |
Source Sets | University of Victoria |
Language | English, English |
Detected Language | English |
Type | Thesis |
Rights | Available to the World Wide Web |
Page generated in 0.0028 seconds