| With the rapid development of the Internet and the popularization of computerapplication, the software security is more and more important. Recently the statisticaldata shows that a considerable proportion of the security problems are caused insoftware design stage. It is popular agreed that in the field of software developmentthe earlier problem solved the less cost will be spent.Therefore, this paper presents a quantitative architecture security evaluationmethod based on security of the architecture components. This method evaluates thesecurity efforts from the perspective of security measures of the components andestablishes a whole architecture security evaluation procedure. This method translatesexpertise into security tree model, and this tree model is used for characterizingsecurity of the components. At the same time, this method summed up commoncomponent categories and establishes the the mappings between tree model andcomponent categories according to the correspondence between the componentcategories and common security measures, then an integration process applies analytichierarchy process (AHP) and fuzzy evaluation analysis to determine quantitative andqualitative factors in evaluating the security of components.This paper describes the whole process to analysis the security evaluation indetails and verifies the effectiveness of the method though the analysis of theevaluation process and evaluation results. Finally, a component-based securityarchitecture security evaluation tool which is for the realization of the semi-automatedevaluate is provided. |
PDF Full Text Request