Formal security analysis for software architecture design: An expressive framework to emerging architectural styles

Abstract

Analysing security in the architecture design of modern software systems is a challenging task. Emerging technologies utilised in building software systems may pose security threats, so software engineers need to consider both the structure and behaviour of architectural styles that employ these supporting technologies. This paper presents an automated approach to security analysis that helps to identify security characteristics at the architectural level. Key techniques used by our approach include the use of metrics, vulnerability identification and attack scenarios. Our modelling is expressive in defining architectural styles and security characteristics. Our analysis approach gives insightful results that allow software engineers to trace through the design to find parts of the system that may be impacted by attacks. We have developed an analysis tool that allows user to seamlessly model the software architecture design and analyse security. The evaluation has been conducted to assess the accuracy and performance of our approach. The results show that our analysis approach performs reasonably well to analyse the security in the architectural design. • Emerging technologies utilised in software systems may pose security threats. • Our approach helps to identify security characteristics at the architectural level. • Our approach applies metrics to measure security and trace attack scenarios. • The insightful results allows tracing the design to identify impacts by the attacks. • Our approach is expressive to define other security metrics and architecture styles.