Automated Software Architecture Security Risk Analysis Using Formalized Signatures
Reviewing software system architecture to pinpoint potential security flaws before proceeding with system development is a critical milestone in secure software development. This includes identifying possible attacks or threat scenarios that target the system and may result in breaching of system security. Additionally the authors may also assess the strength of the system and its security architecture using well-known security metrics such as system attack surface, Compartmentalization, least-privilege, etc. However, existing efforts are limited to specific, predefined security properties or scenarios that are checked either manually or using limited toolsets.