Complexity Measures for Secure Service-Orieted Software Architectures

Complexity Measures for Secure Service-Oriented Software Architectures Michael Yanguo Liu, Issa Traore Department of Electrical and Computer Engineering University of Victoria, Canada Email: yliu,itraore@ece.uvic.ca

Overview
Problem Statement
Some Related Works
Our Approaches
Measurement Framework
Empirical Study
Conclusion and Future Work

Software systems that run in open environments are facing more and more attacks or intrusions. This situation has brought security concerns into the software development process. Generally, software services are expected not only to satisfy functional requirements but also to be resistant to malicious attacks.
Traditional approach to software security engineering referred to as “penetrate and patch” consists of fixing security flaws after they have been exploited. It is still an open challenge on how to address security issues in early stage of software development.
Techniques like threat modelling, misuse identification, attack tree help analyze software security on architecture level, but still requires human expertise to be involved for architecture evaluation against security concerns.
The use of software metrics as cost-effective quality predictors is widely accepted in the software community, both in academia and industry. However, there lack of quantitative and objective approaches for security analysis of software products on architectural level.
Problem Statement
Some Related Work
Our Approach
Empirical Study

Saltzer et.al. summarized in 1975 several security design principles for engineering secure software systems. These principles have been so far used as informally or ad hoc basis by security analysts.
Kazman et. al presented in 1996 the Software Architecture Analysis Method (SAAM) that is a scenario-based methodology to evaluate quality factors of software architecture .
To allow security specification and validation using UML, Jurjens proposed a framework to express security-related information explicitly using UML modeling elements and evaluate such artefact using an underlying formal model.
Howard et al. proposed to use attack surface to determine whether one version of software application has less attackability than another. They define attack surface in terms of system actions that are externally visible to system’s users and the resources accessed or modified by each action .
Ortalo et al. proposed a measurement framework for assessing the difficulties of attackers to compromise a software system in terms of specific attack scenarios. Their measurement is based on a description model of attack scenarios, so called privilege graph.
Problem Statement
Some Related Work
Our Approach
Empirical Study

Problem Statement
Some Related Work
Our Approach
Empirical Study

Problem Statement
Some Related Work
Our Approach
Empirical Study
Internal Security Attributes with Formalized Properties
Service Complexity
Service Coupling
Service Excess Privilege
Service Mechanism Strength

Security Measurement Abstraction – USIE Model
Problem Statement
Some Related Work
Our Approach
Empirical Study
The dependencies among the supporting services of the Ordering Service can be characterized as follows: 1) service register is always active before the other supporting services ; 2) services logout and update account are always active after login ; service delivery is active after service process payment ; 3) service process payment is active only after both service checkout cart and login are active.

Sample Service Complexity Metric
Problem Statement
Some Related Work
Our Approach
Empirical Study
Measure of Service Complexity: Given a composite service cs and its USIE model , the Average Service Depth ( ASD ) for is defined as

Attackability Measures for URL Jumping Attack
Problem Statement
Some Related Work
Our Approach
Empirical Study
Generally, we compute the relative attackability by the ratio
.
Measure of URL Jumping Attack Effort:
Measure of URL Jumping Attack Reward:

Target Application: The Online Flower Shop System
Problem Statement
Some Related Work
Our Approach
Empirical Study

Study Environment
Problem Statement
Some Related Work
Our Approach
Empirical Study

Problem Statement
Some Related Work
Our Approach
Empirical Study
Measurement Results Table 1. Metric Values of Service Complexity Table 2. Relative URL Jumping Attackability (Attack Award = 1) 1.71 Customer Order Service 3 0.5 Customer Shopping Service 2 0.25 Administrator Service 1 ASD(Service i ) Service i No. 0.333 0.143 0 20 0.5 0.2 0 19 0.2 0.25 0 18 0.25 0.2 0 17 0.333 0.143 0 16 0.333 0.333 0 15 0.167 0.25 0 14 0.5 0.25 0 13 0.25 0.25 0 12 0.25 0.2 0 11 0.333 0.25 0 10 1 0.167 0 9 0.2 0.25 0 8 0.2 0.167 0 7 0.25 0.2 0 6 0.333 0.25 0 5 0.5 0.143 0 4 0.333 1 0 3 0.25 0.167 0 2 0.2 0.25 0 1 Order Service Shopping Service Administrator Service Experiment No.

Problem Statement
Some Related Work
Our Approach
Empirical Study
Analysis of the Results Table 3. Correlation Coefficients for ASD Metric and Relative URL Jumping Attackability Figure 6. Analysis Results of Correlation Coefficients 0.960636 20 0.969439 19 0.474372 18 0.767224 17 0.960636 16 0.632190 15 0.345139 14 0.934899 13 0.632190 12 0.767224 11 0.799306 10 0.999991 9 0.474372 8 0.743894 7 0.767224 6 0.799306 5 0.992740 4 -0.029715 3 0.850200 2 0.474372 1 Correlation Coefficients Experiment No.

In this work, we have proposed a framework which can be used to assess systematically and objectively attackability in early stage of software development.
Using this framework, we have studied through empirical investigation the relationship between a service complexity metric and the URL Jumping attackability.
We recognize that it is not sufficient to infer a general correlation between the measured structural complexity and the likelihood of successful attack based on only one case study. Although many empirical studies would be required to draw a general conclusion, the current study is a good step in this direction.
In the future, we plan to investigate using the methodology of case study more empirical relationship between various attackability and software security related attributes.
Problem Statement
Some Related Work
Our Approach
Empirical Study

Complexity Measures for Secure Service-Orieted Software Architectures

by promise07 on May 20, 2007

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 5

Statistics

Complexity Measures for Secure Service-Orieted Software Architectures — Presentation Transcript