MITS5002 Software Engineering Methodology - Research Report - Assignment Help

Introduction

Software architecture is defined as complex structures that make up a software system as well as the discipline needed to come up with such.  It plays a significant role in ensuring that developed systems are sound and flexible. Notably, coming up with a program architecture is not only challenging but also expensive. Thus, it is more preferable to make changes in the process of development rather than wait until a system is complete [1]. Flaws are detected and identified through analysis of architecture. Besides detecting flaws, analysis helps in verifying various system aspects such as level of maintainability, usability, safety as well as ability to resist external and internal attacks.

Today, these attributes can be measured through scenario and metric based architectural analysis methodologies. Scenario based approach depends on a number of scenarios created through a brainstorming session [1]. Conversely, metric based aims at coming up with specific metrics against which attributes are assessed.

Notably, numerous flaws discovered during analysis are related to security. Normally, evaluation of security capabilities of systems is carried out during all phases of systems development. Specifically, architecture security risk scrutiny is done during design stage [1]. The main aim of this process is to detect inconsistencies in system design as well as architecture.

Even though these techniques have greatly aided in early detection of security loopholes, they are insufficient. For instance, they lack automated tools to carry out assessment. Likewise, these techniques are limited in terms of operation environment for systems. This article introduces a new concept to address aforementioned limitations called architectural security analysis schema. Given an attack scenario, a schema will capture numerous details such as pre-conditions, categories, results and signatures. Vulnerability is identified through attack signatures. Any developer can customize their own signatures as long as they understand Object Constraint Language (OCL) [1]. Additionally, OCL is used in designing architectural security metrics for assessing system soundness. Briefly, this paper discusses common scenarios and metrics of architecture security analysis based on OCL, a detailed explanation and implementation of this approach then finalizes with a summary of assessment results. 

Scenarios Analysis

This section highlights a number of common scenarios that have been effectively used in assessing system vulnerability. To begin with, there is man-in-the-middle attack [1]. In this scenario, communication between two elements is intercepted by a foreign object. By intercepting, the signature created is components operating in an insecure environment.