Title :
Systematic Security Analysis for Service-Oriented Software Architectures
Author :
Yanguo Liu ; Traore, I.
Author_Institution :
Univ. of Victoria, Victoria
Abstract :
Due to the dramatic increase in intrusive activities, architecture security analysis and design has emerged as an important aspect of the development of software services. It is a well-accepted fact in software engineering that security concerns, like any other quality concerns, should be dealt with in the early stages of software development. However, current software security risk analysis approaches still rely heavily on ad hoc techniques. These involve a significant amount of subjective effort, creating greater potential for inaccuracies. In this paper, we propose a user system interaction effect (USIE) model that can be used systematically to derive and analyze security concerns from service-oriented software architectures. Many aspects of the model derivation and analysis can be automated, which limits the amount of user involvement and thereby reduces the subjectivity underlying the typical security risk analysis process. The model can be used as a foundation for systematic analysis of software services from different security perspectives.
Keywords :
risk analysis; security of data; software architecture; user interfaces; USIE model; risk analysis; service-oriented software architectures; systematic security analysis; user system interaction effect; Application software; Computer architecture; Computer security; Design engineering; Object oriented modeling; Risk analysis; Service oriented architecture; Software architecture; Software design; Software systems;
Conference_Title :
e-Business Engineering, 2007. ICEBE 2007. IEEE International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-0-7695-3003-1
DOI :
10.1109/ICEBE.2007.84