Web Application Architecture Security Evaluation Method Based on AADL

In this paper, we propose an architecture security evaluation method to identify potential risks of architecture. We model security features of web applications from two different but complementary points of view using AADL, build an AADL security model which contribute to detect risks of architecture. With the help of a tool, we can automatically convert the AADL security model to an architecture security model. Then, an integration process applies analytic hierarchy process (AHP) and fuzzy evaluation analysis to the architecture security model. In the end, we can get security conclusions of the architecture and improve security measures based on security conclusions. The experiment demonstrates that the method not only improves efficiency of the evaluation, but also makes security evaluation process more objective and accurate.