An Analytical Security Model for Existing Software Systems

PP: 691-702

Author(s)

Ayaz Isazadeh,
Islam Elgedawy,
Jaber Karimpour,
Habib Izadkhah

Abstract

Nowadays, evaluation of software security, as one of the important quality attributes, is of paramount importance. Many software systems have not considered security in their design; this makes them vulnerable to security risks. Architecture is the most important consideration in software design that affects the final quality of software. Quality attributes such as efficiency and reliability have been studied at the software architecture level; however, no report has ever been provided about the effect of software architecture on security. The purpose of this paper is to propose a mathematically based method for evaluating and quantifying software security using the coupling aspects of the software architecture. To achieve this goal, first, we show the relationship between coupling types and vulnerability using an empirical software engineering technique that adopts Mozilla Firefox browser vulnerability data. Then, we propose a mathematical weighted relationship between coupling types and vulnerability, where regression statistical analysis and Mozilla Firefox vulnerability data are used to predict the relationship coefficients. Finally, we extract the software architecture using the DAGC tool and then convert the extracted architecture into discrete-time Markov chains, which are used to predict and compute the system's overall vulnerability.