Basic article information

  • Title: Security Risk Assessment of Software Architecture, Methodology and Validation
  • Authors: Fadi HajSaid; Yousef Hassouneh; Hany H. Ammar
  • Journal: International Journal of Computer Science and Network
  • Print ISSN: 2277-5420
  • Publication year: 2014
  • Volume: 3
  • Issue: 6
  • Pages: 483-497
  • Publisher: IJCSN publisher
  • Abstract: Security risk assessment is considered a significant and indispensable process in all phases of software development lifecycles, and most importantly at the early phases. Estimating the security risk should be integrated with the other product development parts, and this will help developers and engineers determine the risky elements in the software system and reduce the failure consequences in that software. This is done by building models based on the data collected at the early development cycles. These models will help identify the high-risk elements. In this paper, we introduce a new methodology used at the early phases based on the Unified Modeling Language (UML), attack graph, and other factors. We estimate the probability and severity of security failure for each element in software architecture based on UML, attack graph, data sensitivity analysis, access rights, and reachability matrix. Then risk factors are computed and validation studies are conducted. An e-commerce case study is investigated as an example.
  • Keywords: Attack Graph; Probability of security failure; Security risk factor; Severity of security failure; Software Architecture