Analyzing Structural Security Posture to Evaluate System Design Decisions

Bibliographic Details
Main Authors: Samuel, Joe, Jaskolka, Jason, Yee, George O. M.
Format: Conference Proceeding
Language: English
Description
Summary: Software systems are increasing in complexity, with attendant increases in the number of vulnerabilities they contain. Remediating these vulnerabilities, ideally during the early requirements and design phases, has been highly resource-intensive, and is often omitted due to lack of knowledge, time, and/or funds. We propose an approach, applied in these early phases, to address the following issues: 1) to enhance the developer's security knowledge of the system, we introduce the notion of structural security posture, which uses a collection of metrics to assess a system's security based on its structural view, 2) to guide the identification of vulnerabilities, we leverage external security data sources, and 3) to address the issue of resource intensiveness, we offer a tool for evaluating and analyzing a system's structural security posture. We illustrate how our approach facilitates the evaluation of design decisions to improve security using an example.
ISSN: 2693-9177
DOI: 10.1109/QRS54544.2021.00012