Olga Villagrán-Velasco, E. Fernández, J. Ortega-Arjona
Proceedings of the 15th International Conference on Availability, Reliability and Security
Published 2020-08-25
DOI: 10.1145/3407023.3407070 (https://doi.org/10.1145/3407023.3407070)
Refining the evaluation of the degree of security of a system built using security patterns
Evaluating the degree of security of a specific software system is a difficult problem and many metrics have been proposed. However, if the system has been built with a methodology that uses patterns as artifacts, a systematic and rather simple evaluation is possible and a metric has been proposed for this evaluation: perform threat enumeration, check if the patterns in the system can stop the identified threats, and calculate the coverage of these threats by the patterns. We refine here that approach by considering the additional effect of the policies (requirements) defined for the system and by using weights for threats and policies.