Title:
Effective Security Impact Analysis with Patterns for Software Enhancement
Author(s):
Takao Okubo, Haruhiko Kaiya, and Nobukazu Yoshioka.
Source:
In Proceedings of the 2011 Sixth International Conference on
Availability, Reliability and Security (ARES), pp. 527-534,
Vienna, Austria, 22-26 Aug. 2011. IEEE Computer Society, CPS.
DOI 10.1109/ARES.2011.79
Abstract:
Unlike functional implementations, it is difficult to
analyze the impact of software enhancements on security. One of
the difficulties is identifying the range of effects by new security
threats, and the other is developing proper countermeasures.
This paper proposes an analysis process that uses two kinds of
security pattern: security requirements patterns for identifying
threats and security design patterns for identifying countermeasures
at an action class level. With these two patterns
and the conventional traceability methodology, developers can
estimate and compare the amounts of modifications needed by
multiple security countermeasures.
Related Paper(s):