Title :
SecArch: Architecture-level Evaluation and Testing for Security
Author :
Al-Azzani, Sarah ; Bahsoon, Rami
Author_Institution :
Sch. of Comput. Sci., Univ. of Birmingham, Birmingham, UK
Abstract :
We propose a novel approach that merges implied scenarios and race condition analysis techniques, to systematically detect and analyse security-related vulnerabilities at the architectural level. We apply our approach to an industrial case related to architecting systems interfacing the cloud. The application demonstrates an effective use of the approach, where the approach has detected security-related vulnerabilities in the architecture due to unexpected modes of interactions in such an environment. Our approach was able to guide testers to detect critical security scenarios, which were not perceived during the inception phases or not captured using either of implied scenarios or race conditions detection techniques alone. We reflect on its applicability and scalability. We look into possible usage scenarios related to architectural-level testing for security and incremental refinements of the architecture following the detection of security vulnerabilities.
Keywords :
program testing; security of data; software architecture; SecArch; architecture-level evaluation; race condition analysis; security testing; security-related vulnerabilities; Analytical models; Computer architecture; Heuristic algorithms; Security; Semantics; Servers; Testing; architecture evaluation; behaviour model; security testing; vulnerability;
Conference_Title :
Software Architecture (WICSA) and European Conference on Software Architecture (ECSA), 2012 Joint Working IEEE/IFIP Conference on
Conference_Location :
Helsinki
Print_ISBN :
978-1-4673-2809-8
DOI :
10.1109/WICSA-ECSA.212.13