SATURN 2015: The Architectural Analysis for Security (AAFS) Method

Jungwoo Ryoo, Pennsylvania State University, and Rick Kazman, University of Hawaii and Carnegie Mellon Software Engineering Institute

by Jacob Tate, Mount St. Mary’s University

In his talk titled “Architectural Analysis for Security (AAFS),” Jungwoo Ryoo explained that security practices are largely absent from software architecture. His research concerns developing and implementing a methodology to test and secure software systems starting at the design phase. The architectural analysis is a structured way of discovering these security issues. Methods like this have commonly been applied only after the system has been designed, and Dr. Ryoo warned against this.

The method that he and his team developed has three steps: tactic-oriented analysis, pattern-oriented analysis, and vulnerability-oriented analysis. The first two steps should be conducted during the design phase by talking to an architect and identifying exactly how the system is designed and which patterns it uses. The vulnerability-oriented analysis is concerned with software weaknesses, so this step usually deals with the actual code.

This method is not built completely from scratch, however. There are repositories that record vulnerabilities, and these can be useful resources. For example, the CWE categorizes various weaknesses and attacks such as SQL injection and cross-site scripting (XSS). Architects should take these types of security threats into account during the architecting or design phase. The future of this research project will focus on applying this methodology to more case studies and then mapping between the patterns that are found and the CWE entries.

How do you ensure security in your architecture? Would you like to be involved in a case study? Leave a comment and let us know what you think! Also, look for an article in an IEEE publication concerning this research topic.
