TY - GEN
T1 - Evaluating the degree of security of a system built using security patterns
AU - Fernandez, Eduardo B.
AU - Yoshioka, Nobukazu
AU - Washizaki, Hironori
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/8/27
Y1 - 2018/8/27
N2 - A variety of methodologies to build secure systems have been proposed. However, most of them do not say much about how to evaluate the degree of security of their products. In fact, we have no generally-accepted ways to measure if the product of some methodology has reached some degree of security. However, if the system has been built with a methodology that uses patterns as artifacts, we believe that a simple evaluation is possible. We propose a metric for the security of systems that have been built using security patterns: We perform threat enumeration, we check if the patterns in the product have stopped the threats, and calculate the coverage of these threats by the patterns. We indicate how to take advantage of the Twin Peaks approach to arrive to a refined measure of security. In early work, we have proposed a secure systems development methodology that uses security patterns and we use it as example.
AB - A variety of methodologies to build secure systems have been proposed. However, most of them do not say much about how to evaluate the degree of security of their products. In fact, we have no generally-accepted ways to measure if the product of some methodology has reached some degree of security. However, if the system has been built with a methodology that uses patterns as artifacts, we believe that a simple evaluation is possible. We propose a metric for the security of systems that have been built using security patterns: We perform threat enumeration, we check if the patterns in the product have stopped the threats, and calculate the coverage of these threats by the patterns. We indicate how to take advantage of the Twin Peaks approach to arrive to a refined measure of security. In early work, we have proposed a secure systems development methodology that uses security patterns and we use it as example.
KW - Security evaluation
KW - Security patterns
KW - Software architecture
KW - Software security
KW - Systems security
UR - http://www.scopus.com/inward/record.url?scp=85055289536&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85055289536&partnerID=8YFLogxK
U2 - 10.1145/3230833.3232821
DO - 10.1145/3230833.3232821
M3 - Conference contribution
AN - SCOPUS:85055289536
T3 - ACM International Conference Proceeding Series
BT - ARES 2018 - 13th International Conference on Availability, Reliability and Security
PB - Association for Computing Machinery
T2 - 13th International Conference on Availability, Reliability and Security, ARES 2018
Y2 - 27 August 2018 through 30 August 2018
ER -