Authors:
Monica Buitrago (1); Isabelle Borne (1) and Jérémy Buisson (2)
Affiliations:
(1) IRISA, Université de Bretagne Sud, France; (2) CRéA, École de l’Air et de l’Espace, France
Keyword(s):
Software Architecture, Security-by-Design, Metric, Security, Model-Based Engineering.
Abstract:
Security-by-design considers security throughout the whole development lifecycle, to detect and fix potential issues as early as possible. With this approach, the software architect should assess some security level of the software architecture, to predict whether the software under development will have security issues. Previous works proposed several metrics to measure the attack surface, the attackability, and the satisfaction of security requirements on the software architecture. However, proving the correlation between these metrics and security is far from trivial. To circumvent this difficulty, we propose new metrics rooted in CWE, NIST guidelines and security patterns. So, our four novel metrics measure the conformance of the software architecture to these acknowledged security-related recommendations. The usage of our metrics is evaluated with case studies.