Security risk assessment is considered a significant and indispensable process in all phases of the software development lifecycle, and most importantly in the early phases. Estimating security risk should be integrated with the other parts of product development; this helps developers and engineers determine the risky elements in the software system and reduce the consequences of failure in that software. This is done by building models based on the data collected in the early development cycles. These models help identify the high-risk elements. In this paper, we introduce a new methodology for the early phases based on the Unified Modeling Language (UML), attack graphs, and other factors. We estimate the probability and severity of security failure for each element in the software architecture based on UML, the attack graph, data sensitivity analysis, access rights, and a reachability matrix. Then risk factors are computed and validation studies are conducted. An e-commerce case study is investigated as an example.
Fadi HajSaid: Bachelor of Electrical Engineering from Damascus University in 1997, Master of Computer Engineering from Stevens Institute of Technology, New Jersey, in 2000, and Ph.D. in Computer Engineering from West Virginia University in 2011. He has been working at Microsoft Corporation (New York) since 2001 as a Technical Account Manager and consultant. His research area is security risk assessment of software architecture.
Yousef Hassouneh: holds a PhD degree in computation from the University of Manchester, UK. He has profound experience in Human Computer Interaction; he designed a collaboration framework and groupware tool to enable Requirements Engineering team collaboration. He is an assistant professor in the computer science department and teaches courses in Software Engineering, Internet programming and programming languages. His research interests are in Software Architecture, virtual software engineering teams, software risk assessment and metrics, and mining software repositories. He participated in several EU-funded projects.
Hany H. Ammar: BSEE, BS Physics, MSEE, and PhD EE, is a Professor of Computer Engineering in the Lane Computer Science and Electrical Engineering Department at West Virginia University. He has published over 170 articles in prestigious international journals and conference proceedings. Dr. Ammar is currently the Editor in Chief of the Communications of the Arab Computer Society On-Line Magazine. He is serving and has served as the Lead Principal Investigator on projects funded by the Qatar National Research Fund under the National Priorities Research Program. In 2010 he was awarded a Fulbright Specialist Scholar Award in Information Technology funded by the US State Department, Bureau of Education and Cultural Affairs. He has been the Principal Investigator on a number of research projects on Software Risk Assessment and Software Architecture Metrics funded by NASA and NSF, and projects on Automated Identification Systems funded by NIJ and NSF. He has been teaching in the areas of Software Engineering and Computer Architecture since 1987. In 2004, he co-authored a book entitled Pattern-Oriented Analysis and Design: Composing Patterns to Design Software Systems, Addison-Wesley. In 2006, he co-authored a book entitled Software Engineering: Technical, Organizational and Economic Aspects, an Arabic textbook.
Attack Graph
Probability of security failure
Security risk factor
Severity of security failure
Software Architecture
In this paper, we have proposed a methodology for security risk assessment based on UML specifications, attack graph development, database sensitivity, a reachability matrix, and access rights. Furthermore, our estimation is performed in the early phases of the software lifecycle. Thus, early detection of security attacks will help developers focus on high security risk elements, scenarios and use cases. We conducted two studies to validate our proposed methodology, based on security design patterns and on sensitivity analysis methods. Our assessment is beneficial not only to developers but also to software companies, industries, governments, and consumers, especially since most systems are built to be used over the internet. Our work can be extended in more than one direction. First, an important extension is to automate the security risk assessment of any system. Second, our methodology can be extended to assess the security risk of cloud and hosting systems, especially since present and future development is growing significantly in these two directions.
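The abstract and the conclusion both list the inputs the methodology combines (a UML-derived dependency structure, a reachability matrix, data sensitivity and access rights) and state that a risk factor is computed per architecture element from the probability and severity of security failure. The following added example, which is not the paper's own code, shows one concrete way such a per-element risk factor can be computed on a constructed e-commerce component graph; the dependency data, the sensitivity scale, the probability and severity proxies and the `security_risk_factors` function are all assumptions made for illustration, not the paper's formulas.

```python
# Added illustrative example: the scoring formulas are assumptions, not the
# paper's own, but they combine the same inputs the paper names (UML-style
# dependency graph, reachability matrix, data sensitivity, access rights).
from itertools import product

# Constructed component dependencies (caller -> callees) of a toy e-commerce system.
DEPENDENCIES = {
    "WebUI": ["OrderService", "Catalog"],
    "Catalog": [],
    "OrderService": ["PaymentGateway", "CustomerDB"],
    "PaymentGateway": ["CustomerDB"],
    "AdminConsole": ["CustomerDB"],  # internal-only path to the database
    "CustomerDB": [],
}
# Assumed data sensitivity per element on a 1..4 scale (4 = card/PII data).
SENSITIVITY = {"WebUI": 1, "Catalog": 1, "OrderService": 2,
               "PaymentGateway": 4, "AdminConsole": 3, "CustomerDB": 4}
# Assumed access rights: only these elements can be invoked by an external actor.
EXTERNAL_ENTRY = {"WebUI"}

def reachability_matrix(deps):
    """Transitive closure (Warshall): reach[a][b] is True when a call path
    a -> ... -> b exists; every element trivially reaches itself."""
    nodes = sorted(deps)
    reach = {a: {b: (a == b or b in deps[a]) for b in nodes} for a in nodes}
    for k, i, j in product(nodes, repeat=3):
        if reach[i][k] and reach[k][j]:
            reach[i][j] = True
    return reach

def security_risk_factors(deps, sensitivity, entry_points):
    """Risk factor = probability of security failure x severity, per element.
    Probability proxy: share of elements an external actor can reach (via the
    access rights) that have a path to the target, i.e. distinct attack paths.
    Severity proxy: data sensitivity normalised to [0, 1]."""
    reach = reachability_matrix(deps)
    exposed = {b for a in entry_points for b in reach if reach[a][b]}
    top = max(sensitivity.values())
    risk = {}
    for target in deps:
        attackers = [a for a in exposed if reach[a][target]]
        risk[target] = (len(attackers) / len(deps)) * (sensitivity[target] / top)
    return risk

def ranked_elements(risk):
    # Elements ordered from highest to lowest security risk factor.
    return sorted(risk, key=risk.get, reverse=True)
```

Calling `ranked_elements(security_risk_factors(DEPENDENCIES, SENSITIVITY, EXTERNAL_ENTRY))` ranks CustomerDB and PaymentGateway highest, while AdminConsole scores zero because no externally permitted entry point has a path to it.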