Systematic Security Analysis for Service-Oriented Software Architectures

Abstract

Due to the dramatic increase in intrusive activities architecture security analysis and design has emerged as an important aspect of the development of software services. It is a well-accepted fact in software engineering that security concerns like any other quality concerns should be dealt with in the early stages of software development. However, current software security risk analysis approaches still heavily rely on ad hoc techniques. These involve significant amount of subjective efforts creating greater potential for inaccuracies. In this paper, we propose a user system interaction effect (USIE) model that can be used systematically to derive and analyze security concerns from service-oriented software architectures. Many aspects of the model derivation and analysis can be automated, which limit the amount of user involvement, and thereby reduce the subjectivity underlying typical security risk analysis process. The model can be used as a foundation for systematic analysis of software services from different security perspectives.