{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T06:43:26Z","timestamp":1740120206965,"version":"3.37.3"},"reference-count":26,"publisher":"World Scientific Pub Co Pte Ltd","issue":"02","funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61872078"],"award-info":[{"award-number":["61872078"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"the Huawei Technologies Co., Ltd","award":["TC20210817028"],"award-info":[{"award-number":["TC20210817028"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Int. J. Soft. Eng. Knowl. Eng."],"published-print":{"date-parts":[[2024,2]]},"abstract":"<jats:p>Software architecture security design is a key stage in developing business-oriented system, such as business-critical system, ICT system and AI system. Many typical accidents also remind us that the security of software architecture even plays a more important role than the code security in most software systems. However, there are very few researches which focus on the security of software architecture. Especially, we don\u2019t find a systematic and feasible quantitative method to evaluate the security of software architecture. To fill this gap, we launched a research project focusing on software architecture security since 2019 and try to provide a series of quantitative methods for evaluating the security of software architecture. In this paper, a business-oriented quantitative method was proposed to evaluate the security of software architecture from the view of business-critical security insurance. In our method, both business dependency graph (BDG) and multi-hierarchical dependency graph (MHDG) are defined and constructed first for describing businesses and their relationships, and system components and their relationships; then, attack points and business key-points are identified and labeled on BDG and MHDG; and further, all potential attack paths and effective attack paths in the system based on MHDG are detected; and finally, a set of security indicators is defined and used to evaluate the security of software architecture quantitatively. For more effective experiments, we use software architectures with different styles and different evolution versions. Experimental results show that our method can reflect effectively the security characteristics of software architecture with different styles, can find the security changes of different architecture evolution versions for the same system, and can perform quantitative evaluation of software architecture security efficiently.<\/jats:p>","DOI":"10.1142\/s0218194023500511","type":"journal-article","created":{"date-parts":[[2023,8,28]],"date-time":"2023-08-28T08:01:25Z","timestamp":1693209685000},"page":"239-271","source":"Crossref","is-referenced-by-count":0,"title":["A Business-Oriented Methodology to Evaluate the Security of Software Architecture Quantitatively"],"prefix":"10.1142","volume":"34","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5381-0283","authenticated-orcid":false,"given":"Hao","family":"Chen","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, Southeast University, Nanjing, Jiangsu Province, 211189, P.\u00a0R.\u00a0China"}]},{"given":"Shengyang","family":"Zhou","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Southeast University, Nanjing, Jiangsu Province, 211189, P.\u00a0R.\u00a0China"}]},{"given":"Chen","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Southeast University, Nanjing, Jiangsu Province, 211189, P.\u00a0R.\u00a0China"}]},{"given":"Zheng","family":"Dai","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Southeast University, Nanjing, Jiangsu Province, 211189, P.\u00a0R.\u00a0China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9916-4790","authenticated-orcid":false,"given":"Bixin","family":"Li","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Southeast University, Nanjing, Jiangsu Province, 211189, P.\u00a0R.\u00a0China"}]}],"member":"219","published-online":{"date-parts":[[2023,9,26]]},"reference":[{"key":"S0218194023500511BIB002","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2018.06.073"},{"key":"S0218194023500511BIB003","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.05.011"},{"key":"S0218194023500511BIB004","doi-asserted-by":"crossref","first-page":"286","DOI":"10.1109\/APSEC.2002.1182998","volume-title":"Ninth Asia-Pacific Software Engineering Conf.","author":"Choi H.","year":"2002"},{"key":"S0218194023500511BIB005","doi-asserted-by":"publisher","DOI":"10.1145\/3492762"},{"key":"S0218194023500511BIB006","first-page":"12","volume-title":"2023 IEEE 20th Int. Conf. Software Architecture","author":"Greiner S.","year":"2023"},{"key":"S0218194023500511BIB007","doi-asserted-by":"publisher","DOI":"10.1109\/52.469759"},{"key":"S0218194023500511BIB008","volume-title":"Business Modeling with UML","volume":"12","author":"Eriksson H.-E.","year":"2000"},{"journal-title":"Rational Edge","year":"2003","author":"Heumann J.","key":"S0218194023500511BIB009"},{"key":"S0218194023500511BIB010","doi-asserted-by":"publisher","DOI":"10.1145\/310889.310919"},{"key":"S0218194023500511BIB011","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4614-0977-9_1"},{"key":"S0218194023500511BIB015","doi-asserted-by":"publisher","DOI":"10.1007\/s11219-005-4251-0"},{"key":"S0218194023500511BIB016","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCT.2011.6075131"},{"key":"S0218194023500511BIB017","doi-asserted-by":"publisher","DOI":"10.1145\/1842752.1842795"},{"key":"S0218194023500511BIB018","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606612"},{"key":"S0218194023500511BIB019","doi-asserted-by":"publisher","DOI":"10.1109\/ICCSIT.2010.5564015"},{"key":"S0218194023500511BIB020","doi-asserted-by":"publisher","DOI":"10.1109\/WICSA.2011.25"},{"key":"S0218194023500511BIB021","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950356"},{"key":"S0218194023500511BIB022","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2013.6693092"},{"key":"S0218194023500511BIB023","doi-asserted-by":"publisher","DOI":"10.1109\/ICSA.2019.00009"},{"key":"S0218194023500511BIB024","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2021.111138"},{"key":"S0218194023500511BIB025","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-30806-7_4"},{"key":"S0218194023500511BIB026","doi-asserted-by":"publisher","DOI":"10.1145\/3365438.3410954"},{"key":"S0218194023500511BIB027","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2021.111003"},{"key":"S0218194023500511BIB028","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-48992-6_21"},{"key":"S0218194023500511BIB029","doi-asserted-by":"publisher","DOI":"10.1109\/ICSA-C50368.2020.00024"},{"key":"S0218194023500511BIB030","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2021.102631"}],"container-title":["International Journal of Software Engineering and Knowledge Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.worldscientific.com\/doi\/pdf\/10.1142\/S0218194023500511","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,26]],"date-time":"2024-10-26T22:58:38Z","timestamp":1729983518000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.worldscientific.com\/doi\/10.1142\/S0218194023500511"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,26]]},"references-count":26,"journal-issue":{"issue":"02","published-print":{"date-parts":[[2024,2]]}},"alternative-id":["10.1142\/S0218194023500511"],"URL":"https:\/\/doi.org\/10.1142\/s0218194023500511","relation":{},"ISSN":["0218-1940","1793-6403"],"issn-type":[{"type":"print","value":"0218-1940"},{"type":"electronic","value":"1793-6403"}],"subject":[],"published":{"date-parts":[[2023,9,26]]}}}