A Service-Oriented Framework for Quantitative Security Analysis of Software Architectures

3 Author(s)
Yanguo Liu ; Dept. of Electr. & Comput. Eng., Univ. of Victoria, Victoria, BC ; Traore, I. ; Hoole, A.M.

Software systems today often run in malicious environments in which attacks or intrusions are quite common. This situation has brought security concerns into the development of software systems. Generally, software services are expected not only to satisfy functional requirements but also to be resistant to malicious attacks. Software attackability is defined as the likelihood that an attack on a software system will succeed. In this paper, we present a service-oriented framework to analyze the attackability of software systems. More specifically, we propose a User System Interaction Effect (USIE) model that can be used systematically to derive and analyze security concerns from service-oriented software architectures. Many aspects of the model derivation and analysis can be automated, which limits the amount of user involvement and thereby reduces the subjectivity underlying the typical security risk analysis process. The model can be used as a foundation for quantitative analysis of software services from different security perspectives.

Published in:

Asia-Pacific Services Computing Conference, 2008. APSCC '08. IEEE

Date of Conference:

9-12 Dec. 2008