Measuring the interplay of security principles in software architectures

2009 3rd International Symposium on Empirical Software Engineering and Measurement, ESEM 2009

Volumn , Issue , 2009, Pages 554-563

  Buyens, Koen ^a   Scandariato, Riccardo ^a   Joosen, Wouter ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

ARCHITECTURAL QUALITY; DESIGN STRATEGIES; LEAST PRIVILEGE; SECURITY ENGINEERING; SECURITY PRINCIPLES; SIDE EFFECT; SURFACE REDUCTION;

COMPUTER SOFTWARE; MAINTAINABILITY; SOFTWARE ARCHITECTURE;

NETWORK SECURITY;

EID: 72449210147     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ESEM.2009.5315968     Document Type: Conference Paper

References (21)

1. D. J. Bernstein. Some thoughts on security after ten years of qmail 1.0. In CSAW '07, pages 1-10. ACM, 2007.
2. D. Brumley and D. Song. Privtrans: Automatically partitioning programs for privilege separation. In USENIX 13, August 2004.
3. K. Buyens, B. De Win, and W. Joosen. Identifying and resolving least privilege violations in software architectures. In ARES, 2009.
4. K. Buyens, B. De Win, and W. Joosen. Resolving least privilege violations in software architectures. In SESS '09, 2009.
5. K. Buyens, R. Scandariato, and W. Joosen. Process activities supporting security principles. In IWSSE '07, 2007.
6. E. Dashofy, H. Asuncion, S. Hendrickson, G. Surya-narayana, J. Georgas, and R. Taylor. Archstudio 4: An architecture-based meta-modeling environment. In ICSE COMPANION '07, pages 67-68, 2007.
7. H. Fahmy and R.C. Holt. Software architecture transformations. In Proceedings of the International Conference on Software Maintenance (ICSM 2000), pages 88-96, 2000.
8. N. Fenton and S.L. Pfleeger. Software metrics: a rigorous and practical approach. PWS Publishing Co. Boston, MA, USA, 1997.
9. S. Höhn and J. Jürjens. Rubacon: automated support for model-based compliance engineering. In ICSE 13, pages 875-878, 2008.
10. A. Jaquith. Security metrics: replacing fear, uncertainty, and doubt. Addison-Wesley Professional, 2007.
11. J. Jürjens. Secure Systems Development With UML. Springer, 2005.
12. D. Van Landuyt, J. Gregoire, S. Michiels, E. Truyen, and W. Joosen. Architectural design of a digital publishing system. Technical report, Katholieke Univer-siteit Leuven, October 2006.
13. M. Lindvall, R.T. Tvedt, and P. Costa. An empirically-based process for software architecture evaluation. Empirical Software Engineering, 8(1):83-108, 2003.
14. P. K. Manadhata, D. K. Kaynar, and J. M. Wing. A formal model for a system's attack surface. Technical report, Carnegie Mellon University (CMU), July 2007.
15. R.C. Martin. Agile software development: principles, patterns, and practices. Prentice Hall PTR Upper Saddle River, NJ, USA, 2003.
16. T. Mens and T. Tourwé. A survey of software refactoring. IEEE Transactions of Software Engineering, 30(2):126-139, 2004.
17. M. Morandini, D.C. Nguyen, A. Perini, A. Siena, and A. Susi. Tool-supported development with tropos: The conference management system case study. In AOSE 8, pages 182-196. Springer, 2008.
18. N. Provos. Systrace - interactive policy generation for system calls.
19. J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278-1308, Sept. 1975.
20. R. Scandariato, B. De Win, and W. Joosen. Towards a measuring framework for security properties of software. In Quality of Protection '06, pages 27-30, 2006.
21. F. B. Schneider. Enforceable security policies. ACM Trans. Inf. Syst. Secur., 3(1):30-50, 2000.