Web Application Architecture Security Evaluation Method Based On AADL

Nowadays,the web application are almost all over the network.It is closely related with people’s daily life.In recent years,Web application security vulnerabilities appear constantly.The negative influence brought by security problems is more and more big,even threatening the human life.This paper proposes a web application architecture security evaluation method based on AADL to identify potential risks of architecture.From the perspective of security architecture model,we establish an evaluation method for Web application security architecture of existing security mechanisms and potential security threat assessment framework architecture.In this method,we build an AADL security model which contribute to detect risks of architecture.With the help of a tool,we can automatically convert the AADL security model to an architecture security model.Then,we apply analytic hierarchy process to the architecture security model.In the end,we can get security conclusions of the architecture and improve security measures based on security conclusions.This paper describes the whole process of the architecture security evaluation in details.The experiment demonstrates that the method not only improves efficiency of the evaluation,but also makes security evaluation process more objective and accurate.In addition,this paper implements the architecture security model conversion tool,to provide a strong support for the evaluation process of half automation.If we assess the security of architecture in the architecture design stage of the Web application development,we can quickly find security risks existing in the Web application,and timely correct them.