{"title":"评估安全性以比较基于组件的系统的架构选择","authors":"A. Busch, M. Strittmatter, A. Koziolek","doi":"10.1109/QRS.2015.24","DOIUrl":null,"url":null,"abstract":"Modern software development is typically performed by composing a software system from building blocks. The component-based paradigm has many advantages. However, security quality attributes of the overall architecture often remain unspecified and therefore, these cannot be considered when comparing several architecture alternatives. In this paper, we propose an approach for assessing security of component-based software architectures. Our hierarchical model uses stochastic modeling techniques and includes several security related factors, such as attackers, his goals, the security attributes of a component, and the mutual security interferences between them. Applied on a component-based architecture, our approach yields its mean time to security failure, which assesses its degree of security. We extended the Palladio Component Model (PCM) by the necessary information to be able to use it as input for the security assessment. We use the PCM representation to show the applicability of our approach on an industry related example.","PeriodicalId":361839,"journal":{"name":"2015 IEEE International Conference on Software Quality, Reliability and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Assessing Security to Compare Architecture Alternatives of Component-Based Systems\",\"authors\":\"A. Busch, M. Strittmatter, A. Koziolek\",\"doi\":\"10.1109/QRS.2015.24\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modern software development is typically performed by composing a software system from building blocks. The component-based paradigm has many advantages. However, security quality attributes of the overall architecture often remain unspecified and therefore, these cannot be considered when comparing several architecture alternatives. In this paper, we propose an approach for assessing security of component-based software architectures. Our hierarchical model uses stochastic modeling techniques and includes several security related factors, such as attackers, his goals, the security attributes of a component, and the mutual security interferences between them. Applied on a component-based architecture, our approach yields its mean time to security failure, which assesses its degree of security. We extended the Palladio Component Model (PCM) by the necessary information to be able to use it as input for the security assessment. We use the PCM representation to show the applicability of our approach on an industry related example.\",\"PeriodicalId\":361839,\"journal\":{\"name\":\"2015 IEEE International Conference on Software Quality, Reliability and Security\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-08-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE International Conference on Software Quality, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/QRS.2015.24\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE International Conference on Software Quality, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS.2015.24","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Assessing Security to Compare Architecture Alternatives of Component-Based Systems
Modern software development is typically performed by composing a software system from building blocks. The component-based paradigm has many advantages. However, security quality attributes of the overall architecture often remain unspecified and therefore, these cannot be considered when comparing several architecture alternatives. In this paper, we propose an approach for assessing security of component-based software architectures. Our hierarchical model uses stochastic modeling techniques and includes several security related factors, such as attackers, his goals, the security attributes of a component, and the mutual security interferences between them. Applied on a component-based architecture, our approach yields its mean time to security failure, which assesses its degree of security. We extended the Palladio Component Model (PCM) by the necessary information to be able to use it as input for the security assessment. We use the PCM representation to show the applicability of our approach on an industry related example.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
