Evaluating the degree of security of a system built using security patterns

Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki

Research output: Conference contribution

Abstract

A variety of methodologies to build secure systems have been proposed. However, most of them do not say much about how to evaluate the degree of security of their products. In fact, we have no generally accepted ways to measure whether the product of some methodology has reached some degree of security. However, if the system has been built with a methodology that uses patterns as artifacts, we believe that a simple evaluation is possible. We propose a metric for the security of systems that have been built using security patterns: we perform threat enumeration, we check if the patterns in the product have stopped the threats, and we calculate the coverage of these threats by the patterns. We indicate how to take advantage of the Twin Peaks approach to arrive at a refined measure of security. In early work, we have proposed a secure systems development methodology that uses security patterns, and we use it as an example.

Original language: English
Title of host publication: ARES 2018 - 13th International Conference on Availability, Reliability and Security
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450364485
DOI
Publication status: Published - 2018 Aug 27
Event: 13th International Conference on Availability, Reliability and Security, ARES 2018 - Hamburg, Germany
Duration: 2018 Aug 27 to 2018 Aug 30

Publication series

Name: ACM International Conference Proceeding Series

Other

Other: 13th International Conference on Availability, Reliability and Security, ARES 2018
Country/Territory: Germany
City: Hamburg
Period: 18/8/27 to 18/8/30

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications
