Tradeoff Analysis of Misuse CaseBased Secure Software Architectures A Case Study.pdfVIP

Trade-off Analysis of Misuse Case-based Secure Software Architectures: A Case Study 1 2 Joshua J. Pauli , Dianxiang Xu 1 Dakota State University, Madison, SD USA 57042 Josh.Pauli@dsu.edu 2 North Dakota State University, Fargo, ND USA 58105 Dianxiang.Xu@ndsu.edu Abstract. Based on the threat-driven architectural design of secure information systems, this paper introduces an approach for the tradeoff analysis of secure software architectures in order to determine the effects of security requirements on the system. We use a case study on a payroll information system (PIS) to show the approach from misuse case identification through the architecture tradeoff analysis. In the case study, we discuss how to make tradeoff between security and availability with respect to the number of servers present. 1 Introduction In today’s software world, there is a great need for making software resistant to po- tential attacks [5,6]. Based on the threat-driven architectural design of secure software [12], this paper introduces an approach for the tradeoff analysis of secure software architectures. Tradeoff analysis is needed to determine the effects of non-functional requirements on the system. For most software there is no clear mapping from re- quirements specifications to architecture design. With use cases, misuse cases, and mitigation use cases as the source, requirements include both the functional uses and security related issues of the system. Our previous architectural analysis approach takes the completed use case model into account