Model-Based Assessment of Conformance to Acknowledged Security-Related Software Architecture Good Practices

Monica Buitrago; Isabelle Borne; Jérémy Buisson

doi:10.5220/0012312400003645

Model-Based Assessment of Conformance to Acknowledged Security-Related Software Architecture Good Practices

Monica Buitrago, Isabelle Borne, Jérémy Buisson

2024

Abstract

Security-by-design considers security throughout the whole development lifecycle, to detect and fix potential issues as early as possible. With this approach, the software architect should assess some security level of the software architecture, to predict whether the software under development will have security issues. Previous works proposed several metrics to measure the attack surface, the attackability, and the satisfaction of security requirements on the software architecture. However, proving the correlation between these metrics and security is far from trivial. To circumvent this difficulty, we propose new metrics rooted in CWE, NIST guidelines and security patterns. So, our four novel metrics measure the conformance of the software architecture to these acknowledged security-related recommendations. The usage of our metrics is evaluated with case studies.

Download

Paper Citation

in Harvard Style

Buitrago M., Borne I. and Buisson J. (2024). Model-Based Assessment of Conformance to Acknowledged Security-Related Software Architecture Good Practices. In Proceedings of the 12th International Conference on Model-Based Software and Systems Engineering - Volume 1: MODELSWARD; ISBN 978-989-758-682-8, SciTePress, pages 117-124. DOI: 10.5220/0012312400003645

in Bibtex Style

@conference{modelsward24,
author={Monica Buitrago and Isabelle Borne and Jérémy Buisson},
title={Model-Based Assessment of Conformance to Acknowledged Security-Related Software Architecture Good Practices},
booktitle={Proceedings of the 12th International Conference on Model-Based Software and Systems Engineering - Volume 1: MODELSWARD},
year={2024},
pages={117-124},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012312400003645},
isbn={978-989-758-682-8},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 12th International Conference on Model-Based Software and Systems Engineering - Volume 1: MODELSWARD
TI - Model-Based Assessment of Conformance to Acknowledged Security-Related Software Architecture Good Practices
SN - 978-989-758-682-8
AU - Buitrago M.
AU - Borne I.
AU - Buisson J.
PY - 2024
SP - 117
EP - 124
DO - 10.5220/0012312400003645
PB - SciTePress