For Publishers
DiscoveryMetadataPeer reviewHostingPublishing
For Researchers
JoinPublishReviewCollect
Register
Blog
About
Search
Advanced search
My ScienceOpen
Search
For Publishers
For Researchers
Blog
About
993
views
0
references
 Top references
cited by
0
    
0 reviews
 Review
0
comments
 Comment
0
recommends
+1 Recommend
1 collections
    0
    shares
      102
      similar
       All similar

      Celebrating 65 years of The Computer Journal - free-to-read perspectives - bcs.org/tcj65

      scite_
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Assessment of a Framework for Designing and Evaluating Security Sensitive Architecture

      proceedings-article
      Author(s):
      Publication date (Print):
      Conference name: 12th International Conference on Evaluation and Assessment in Software Engineering (EASE) (EASE)
      Conference theme: Evaluation and Assessment in Software Engineering (EASE)
      Conference date: 26 - 27 June 2008
      Keywords: Software architecture evaluation, security attributes, technology assessment, empirical studies
      Bookmark

            Abstract

            Background: We have developed an Architectural Level Security Analysis Framework (ALSAF), which can be used to consider and address security related issues at software architecture level. Goal: Our goal was to empirically assess the usefulness of ALSAF for identifying security attributes and security design patterns for satisfying those attributes during architecture design and evaluation. Assessment approach: The reported assessment was performed with one pilot study and one Quasiexperiment. In the main study, there were 19 software development professionals who participated in the study after attending a training course. The participants were required to identify security attributes and security design patterns suitable for achieving those attributes based on a given list of security properties. One group (control group) was given the textual description of security patterns, attributes, and properties, the other group (treatment group) was given ALSAF as well as the document provided to the control group. The outcome variables were security attributes and security patterns for a Web-based system, whose requirements were provided to the participants. Result: The average score for identifying security attributes for the treatment group was 4.56 and for the control group was 2.60. The difference between the groups was significant using Mann-Whiney test (p=0.011). The average score for identifying the security patterns for the treatment group was 5.78 and for the control group was 2.8. Mann-Whitney test revealed that the difference between the groups was again significant at (p=0.022). Post-study questionnaire revealed that majority of the participants were convinced of the usefulness of ALSAF in identifying and understanding the relationships between security attributes, properties, and patterns for supporting architectural level security analysis. Conclusion: The findings provide an initial evidence to support the claim of the usefulness of ALSAF for supporting security sensitive analysis during architecture design and evaluation.

            Content

            Author and article information

            Contributors
            Muhammad Ali Babar
            Conference
            Publication date: June 2008
            Publication date (Print): June 2008
            Pages: 1-10
            Affiliations
            [0001]Lero, University of Limerick, Ireland
            Article
            DOI: 10.14236/ewic/EASE2008.17
            SO-VID: b1a6a685-38a3-4919-a653-d47682a8bd48
            Copyright © © Muhammad Ali Babar et al. Published by BCS Learning and Development Ltd. 12th International Conference on Evaluation and Assessment in Software Engineering (EASE)
            License:

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Conference name: 12th International Conference on Evaluation and Assessment in Software Engineering (EASE)
            Conference acronym: EASE
            Conference number: 12
            Conference location: University of Bari, Italy
            Conference date: 26 - 27 June 2008
            Conference sponsor: Electronic Workshops in Computing (eWiC)
            Conference theme: Evaluation and Assessment in Software Engineering (EASE)
            History
            Product

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/EASE2008.17
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Series title: Electronic Workshops in Computing

            ScienceOpen disciplines: Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction
            Keywords: Software architecture evaluation,security attributes,technology assessment,empirical studies

            Comments

            Comment on this article