Title: A quantitative and knowledge-based approach to choosing security architectural tactics

Authors: Suntae Kim

Addresses: Department of Software Engineering, Chonbuk National University, 567 Baekje-daero, Deokjin-gu, Jeonju-si, Jeollabuk-do, 561-756, Republic of Korea

Abstract: This paper presents a quantitative approach to choosing security architectural tactics using an architectural tactic knowledge base. An architectural tactic is an architectural design building block pertaining to a software quality. The tactic knowledge base is a tactic repository composed of architectural tactic specifications defined in the role-based metamodelling language (RBML) and their relationships expressed in a feature model. In this paper, the cost of an architectural tactic is estimated using the use case points method, and the level of a tactic's contribution to non-functional requirements (NFRs) is predicted by the analytic hierarchy process (AHP) and sensitivity analysis. The proposed approach then suggests the best possible fit, which is likely to satisfy the NFRs. We applied the approach to choosing security architectural tactics for building the software architecture of an online trading system.

Keywords: security architectural tactics; secure software architecture; quantitative tactic selection; architectural tactic knowledge base; software quality; metamodelling; RBML; feature modelling; non-functional requirements; NFRs; analytical hierarchy process; AHP; sensitivity analysis; online trading systems.

DOI: 10.1504/IJAHUC.2015.067780

International Journal of Ad Hoc and Ubiquitous Computing, 2015 Vol.18 No.1/2, pp.45 - 53

Received: 14 Sep 2013
Accepted: 05 Mar 2014

Published online: 05 Mar 2015
