A Scenario-Based Framework for the Security Evaluation of Software Architecture

Software security has become a crucial component of software systems in today's market. However, software security development is still a maturing process. In this paper, we present an approach for assessing software architecture to determine how well it can satisfy intended security requirements. It is important to be able to assess the security of software under development at an early stage (e.g., the design stage). By doing so we are not only reducing the probability that flaws will be introduced and ensuring that stakeholder requirements have been met, but also focusing on a stage where changes will cost just a fraction of what they would cost in later stages (e.g. implementation). This paper reports on the ongoing development of a systematic security evaluation framework that aids in assessing the level of security supported by a given architecture and provides the ability to qualitatively compare multiple architectures with respect to their security support.