Security Countermeasure Selection for Component-Based Software-Intensive Systems

Abstract

Given the increasing complexity of softwareintensive systems as well as the sophistication and high frequency of cyber-attacks, automated and sound approaches to select countermeasures are required to effectively protect software systems. In this paper, we propose a formal architecturecentered approach to analyze the security of a software-intensive component-based system to find cost-efficient countermeasures that consider both the system architecture and its behavior. We evaluate our approach by applying it on a case study.