DocumentCode
1924545
Title
SecArch: Architecture-level Evaluation and Testing for Security
Author
Al-Azzani, Sarah ; Bahsoon, Rami
Author_Institution
Sch. of Comput. Sci., Univ. of Birmingham, Birmingham, UK
fYear
2012
fDate
20-24 Aug. 2012
Firstpage
51
Lastpage
60
Abstract
We propose a novel approach that merges implied scenarios and race condition analysis techniques, to systematically detect and analyse security-related vulnerabilities at the architectural level. We apply our approach to an industrial case related to architecting systems interfacing the cloud. The application demonstrates an effective use of the approach, where the approach has detected securityrelated vulnerabilities in the architecture due to unexpected modes of interactions in such environment. Our approach was able to guide testers to detect critical security scenarios, which were not perceived during the inception phases or not captured using either of implied scenarios or race conditions detection techniques alone. We reflect on its applicability and scalability. We look into possible usage scenarios related to architectural-level testing for security and incremental refinements of the architecture following the detection of security vulnerabilities.
Keywords
program testing; security of data; software architecture; SecArch; architecture-level evaluation; race condition analysis; security testing; security-related vulnerabilities; Analytical models; Computer architecture; Heuristic algorithms; Security; Semantics; Servers; Testing; architecture evaluation; behaviour model; security testing; vulnerability;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Architecture (WICSA) and European Conference on Software Architecture (ECSA), 2012 Joint Working IEEE/IFIP Conference on
Conference_Location
Helsinki
Print_ISBN
978-1-4673-2809-8
Type
conf
DOI
10.1109/WICSA-ECSA.212.13
Filename
6337761
Link To Document