An Approach to Analyze Vulnerability of Information Flow in Software Architecture
- Source: Applied Sciences, Vol 10, Iss 1, p 393 (2020)
- Publication Year: 2020
- Publisher: MDPI AG, 2020.
Abstract
- Current research on software vulnerability analysis mostly focuses on source code or executable programs. But these methods can only be applied after software is completely developed, when source code is available. This may lead to high costs and tremendous difficulties in software revision. On the other hand, as an important product of the software design phase, architecture can depict not only the static structure of software, but also the information flow due to the interaction of components. Architecture is crucial in determining the quality of software. As a result, by locating the architecture-level information flow that violates security policies, vulnerabilities can be found and fixed in the early phase of the software development cycle, when revision is easier and costs less. In this paper, an approach for analyzing information flow vulnerability in software architecture is proposed. First, the concept of information flow vulnerability in software architecture is elaborated. Corresponding security policies are proposed. Then, a method for constructing service invocation diagrams based on graph theory is proposed, which can depict information flow in software architecture. Moreover, an algorithm for vulnerability determination is designed to locate architecture-level vulnerabilities. Finally, a case study is provided, which verifies the effectiveness and feasibility of the proposed methods.
- Subjects:
  - software architecture
  - vulnerability
  - information flow vulnerability of software architecture
  - locating vulnerability
  - service invocation diagram
  - algorithm for determining vulnerability
  - Technology
  - Engineering (General). Civil engineering (General) (TA1-2040)
  - Biology (General) (QH301-705.5)
  - Physics (QC1-999)
  - Chemistry (QD1-999)
Details
- Language: English
- ISSN: 20763417
- Volume: 10
- Issue: 1
- Database: Directory of Open Access Journals
- Journal: Applied Sciences
- Publication Type: Academic Journal
- Accession number: edsdoj.66c3b771e934824b77bc15aedf8b89a
- Document Type: article
- Full Text: https://doi.org/10.3390/app10010393