Software Architecture Security Study Based On Attack Surface

As a security evaluation metrics, the attack surface has long been believed as an evaluation of the system’s exposure to the attacker in the security workshop, which pays attention to the interactive behavior of software system boundary. At present domestic and foreign study on the software security through the attack surfaces are mainly among the application of software development life cycle and lack of the research on software architecture stage. As we know, Software security is a non-functional requirement of software systems, and should be considered through the various stages in the software development life cycle. Taking account of the demand of security of software systems in the software architecture design stage can avoid the redesign of the system, promote the progress of software development, and improve the security of software system. Therefore, based on the attack surface metrics to study the security of software architecture has an important significance.In this background, this dissertation proposes the method to evaluate the software architecture security based on the attack surface. This dissertation is mainly studying the following aspects of the attack surface in software architecture.1、Using the component-connector view to define the meaning of software architecture’s attack surfaces, and then modeling the software architecture’s attack surfaces by architecture description language Acme. The larger the attack surfaces of software architecture, the more potential attack it has, and the less security the architect itself will be.2、According to the model of software architecture attack surfaces we built, this dissertation analysis the attribute of the attack surfaces resources, then put forward the evaluation method of software architecture for security based on attack surfaces, this method can help software developers find defects in software system as soon as possible, and generate the corresponding solutions.3、In order to reduce the attack surface of software architecture, we should make the transformation of software architecture. This dissertation then talks about how to reduce the attack surface by software architecture transformation.4、Through an experimental case, This dissertation introduces the evaluation process and verify the feasibility of the method.