Security evaluation of service-oriented systems with an extensible knowledge base

Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Volumn , Issue , 2011, Pages 698-703

  Jung, Christian ^a   Rudolph, Manuel ^a   Schwarz, Reinhard ^a  

^a FRAUNHOFER IESE   (Germany)

Author keywords

Security; Security evaluation, architecture centric software assessment, service oriented architectures

Indexed keywords

BUILDING BLOCKES; BUSINESS PROCESS; HARD PROBLEMS; KNOWLEDGE BASE; PROTOTYPE TOOLS; SECURITY; SECURITY EVALUATION; SECURITY RULES; SERVICE ORIENTED; SERVICE ORIENTED SYSTEMS; SERVICE-ORIENTED SOFTWARE ARCHITECTURES; STATIC SECURITY ANALYSIS; UNDERLYING PRINCIPLES;

AGGLOMERATION; COMPUTER SOFTWARE REUSABILITY; COMPUTER SOFTWARE SELECTION AND EVALUATION; INFORMATION SERVICES; INTEROPERABILITY; KNOWLEDGE BASED SYSTEMS; QUALITY ASSURANCE; REUSABILITY; SOFTWARE ARCHITECTURE; SOFTWARE RELIABILITY;

SERVICE ORIENTED ARCHITECTURE (SOA);

EID: 80455140276     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2011.109     Document Type: Conference Paper

References (17)

1. th European Conference on Software Architecture: Companion Volume (ECSA '10), Copenhagen, Denmark, Aug. 2010
2. H. Peine, M. Jawurek, S. Mandel: Security Goal Indicator Trees: A Model of Software Features that Supports Efficient Security Inspection. High Assurance Systems Engineering Symposium (HASE'08), Nanjing, China, Dec. 2008
3. th European Conference on Software Maintenance and Reengineering (CSMR), Kaiserslautern, Germany, March 2009
4. Apache Tuscany: http://tuscany.apache.org/ (last accessed Feb. 2011)
5. Service Component Architecture (SCA), http://www.osoa.org/display/Main/ Service+Component+Architecture+Home (last accessed Feb. 2011)
6. Microsoft: FxCop: http://msdn.microsoft.com/en-us/library/bb429476.aspx (last accessed March 2011)
7. D. Hovemeyer, W. Pugh: Finding Bugs is Easy. 19th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA'04), Vancouver, British Columbia, Canada, Oct. 2004
8. ITS4: A Static Vulnerability Scanner for C and C++ code. ACM Transactions on Information and System Security 5(2), May 2002
9. D. Larochelle, D. Evans: Statically Detecting Likely Buffer Overflow Vulnerabilities. 10th Usenix Security Symposium, Aug. 2001
10. th Usenix Security Sysmposium, Aug. 2005
11. L. Dobrica, E. Niemelä: A Survey on Software Architecture Analysis Methods. IEEE Transaction on Software Enegineering, Vol. 28, No. 7, July 2002
12. th International Conference on Software Engineering (ICSE'94), Sorrento, Italy, May 1994
13. nd International Symposium on Engineering Secure Software and Systems (ESSoS 2010), Pisa, Italy, Feb. 2010.
14. K. Karppinen, M. Lindvall, L. Yonkwa: Detecting Security Vulnerabilities with Software Architecture Analysis Tools. International Conference on Software Testing Verification and Validation Workshop (ICSTW'08), Lillehammer, Norway, April 2008
15. th International Conference on Quality Software (QSIC'09), Aug. 2009
16. B. Schneier: Attack Trees. Dr Dobb's Journal, Vol..24, No.12, Dec. 1999
17. D. Byers, N. Shahmehri: Unified modeling of attacks, vulnerabilities and security activities. Position paper, 2010 ICSE Workshop on Software Engineering for Secure Systems (SESS'10), 23rd International Conference on Software Engineering (ICSE10), Cape Town, South Africa, May 2010