Architecture Security Evaluation Method Based on Security of the Components

Author

Changxiao Du ; Xiaohong Li ; Hong Shi ; Jing Hu ; Ruitao Feng ; Zhiyong Feng

Author_Institution

Dept. of Comput. Sci. & Technol., Tianjin Univ., Tianjin, China

Volume

1

fYear

2013

fDate

2-5 Dec. 2013

Firstpage

523

Lastpage

528

Abstract

This paper presents a quantitative architecture security evaluation method to identify potential risks of an architecture. The method is based on security of the architecture components. In this method, components of the architecture are classified and their security measures are identified according to component function and architecture level. Then, an integration process applies analytic hierarchy process (AHP) and fuzzy evaluation analysis to determine quantitative and qualitative factors in evaluating the security of components. These factors are used to obtain security conclusions of the architecture. The experiment shows that the method not only improves efficiency of the evaluation, but also makes security evaluation process more objective and accurate.

Keywords

analytic hierarchy process; fuzzy set theory; object-oriented programming; safety-critical software; software architecture; AHP; analytic hierarchy process; architecture level; component function; efficiency improvement; fuzzy evaluation analysis; integration process; qualitative factors; quantitative architecture security evaluation method; quantitative factors; risk identification; security measures; Access control; Authentication; Business; Computer architecture; Encryption; Vectors; AHP; Fuzzy evaluation analysis; architecture; component; security evaluation;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Engineering Conference (APSEC), 2013 20th Asia-Pacific

Conference_Location

Bangkok

ISSN

1530-1362

Print_ISBN

978-1-4799-2143-0

Type

conf

DOI

10.1109/APSEC.2013.75

Filename

6805446