paper index | HOME

Title: Effective Security Impact Analysis with Patterns for Software Enhancement
Author(s): Takao Okubo, Haruhiko Kaiya, and Nobukazu Yoshioka.
Source: In Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security (ARES), pp. 527-534, Vienna, Austria, 22-26 Aug. 2011. IEEE Computer Society, CPS. DOI 10.1109/ARES.2011.79

Unlike functional implementations, it is difficult to analyze the impact software enhancements on security. One of the difficulties is identifying the range of effects by new security threats, and the other is developing proper countermeasures. This paper proposes an analysis process that uses two kinds of security pattern: security requirements patterns for identifying threats and security design patterns for identifying countermeasures at an action class level. With these two patterns and the conventional traceability methodology, developers can estimate and compare the amounts of modifications needed by multiple security countermeasures.
Related Paper(s):