期刊名称:International Journal of Software Engineering and Its Applications
印刷版ISSN:1738-9984
出版年度:2014
卷号:8
期号:3
页码:143-156
DOI:10.14257/ijseia.2014.8.3.14
出版社:SERSC
摘要:In recent years, concentration on software design phase for evaluating security into the developing software increased where the cost of fixing errors in design level is several times less than the cost of fixing errors in the coding or implementation levels. One of the main challenges in facing current models that evaluate security into the software design phase refers to the need for existence of security experts to analyze the system from a security angle of view while this additional task makes the project more costly and lengthy. In this work we address this problem by defining a method for using known attacks' and threats' properties and behaviors instead of using a drawn misuse case for assessing potential risks in the developing software. The main contribution of this work refers to defining a model for analyzing security aspects into the software design phase while additional cost and time are not required for system analyzing by security experts.