{"title":"在不可预测的环境中评估架构的安全属性:一个云的案例","authors":"Funmilade Faniyi, R. Bahsoon, A. Evans, R. Kazman","doi":"10.1109/WICSA.2011.25","DOIUrl":null,"url":null,"abstract":"The continuous evolution and unpredictability underlying service-based systems leads to difficulties in making exact QoS claims about the dependability of architectures interfacing with them. Hence, there is a growing need for new methods to evaluate the dependability of architectures interfacing with such environments. This paper presents a method for evaluating the security quality attribute of architectures in service-based systems. The proposed method combines some properties of the Architectural Tradeoff Analysis Method (ATAM) and security testing using Implied Scenario. In particular, the scenario elicitation process of ATAM is improved by utilising Implied Scenario technique to generate scenarios which may be undetected using plain ATAM. An industrial case study of a problem related to securing data at the Software-as-a-Service layer on Force.com Cloud platform is adopted to validate the new method. The results indicate that our method found four additional security scenarios beyond the plain ATAM, resulting in four new risks and two new tradeoff points.","PeriodicalId":234615,"journal":{"name":"2011 Ninth Working IEEE/IFIP Conference on Software Architecture","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"24","resultStr":"{\"title\":\"Evaluating Security Properties of Architectures in Unpredictable Environments: A Case for Cloud\",\"authors\":\"Funmilade Faniyi, R. Bahsoon, A. Evans, R. Kazman\",\"doi\":\"10.1109/WICSA.2011.25\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The continuous evolution and unpredictability underlying service-based systems leads to difficulties in making exact QoS claims about the dependability of architectures interfacing with them. Hence, there is a growing need for new methods to evaluate the dependability of architectures interfacing with such environments. This paper presents a method for evaluating the security quality attribute of architectures in service-based systems. The proposed method combines some properties of the Architectural Tradeoff Analysis Method (ATAM) and security testing using Implied Scenario. In particular, the scenario elicitation process of ATAM is improved by utilising Implied Scenario technique to generate scenarios which may be undetected using plain ATAM. An industrial case study of a problem related to securing data at the Software-as-a-Service layer on Force.com Cloud platform is adopted to validate the new method. The results indicate that our method found four additional security scenarios beyond the plain ATAM, resulting in four new risks and two new tradeoff points.\",\"PeriodicalId\":234615,\"journal\":{\"name\":\"2011 Ninth Working IEEE/IFIP Conference on Software Architecture\",\"volume\":\"25 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-06-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"24\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Ninth Working IEEE/IFIP Conference on Software Architecture\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WICSA.2011.25\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Ninth Working IEEE/IFIP Conference on Software Architecture","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WICSA.2011.25","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Evaluating Security Properties of Architectures in Unpredictable Environments: A Case for Cloud
The continuous evolution and unpredictability underlying service-based systems leads to difficulties in making exact QoS claims about the dependability of architectures interfacing with them. Hence, there is a growing need for new methods to evaluate the dependability of architectures interfacing with such environments. This paper presents a method for evaluating the security quality attribute of architectures in service-based systems. The proposed method combines some properties of the Architectural Tradeoff Analysis Method (ATAM) and security testing using Implied Scenario. In particular, the scenario elicitation process of ATAM is improved by utilising Implied Scenario technique to generate scenarios which may be undetected using plain ATAM. An industrial case study of a problem related to securing data at the Software-as-a-Service layer on Force.com Cloud platform is adopted to validate the new method. The results indicate that our method found four additional security scenarios beyond the plain ATAM, resulting in four new risks and two new tradeoff points.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
