Model-driven architectural risk analysis using architectural and contextualised attack patterns.
This data was imported from Scopus:
Authors: Faily, S., Lyle, J., Namiluko, C., Atzeni, A. and Cameroni, C.
Journal: Proceedings of the Workshop on Model-Driven Security, MDsec 2012
A secure system architecture is often based on a variety of design and security model elements. Without some way of evaluating the impact of these individual design elements in the face of possible attacks, design flaws may weaken a software architecture. This paper illustrates how architectural and contextualised attack patterns can be used to formalise the elements of architectural attacks and possible defences. We illustrate how these patterns, and tool-support building upon them, can be used to automate an architectural risk analysis process. We demonstrate this approach using an example from the EU FP7 webinos project. © 2012 ACM.