Conference paper Open Access

Asset-Centric Security Risk Assessment of Software Components

Rauter, Tobias; Höller, Andrea; Kajtazovic, Nermin; Kreiner, Christian

Risk management is a crucial process for the development of
secure systems. Valuable objects (assets) must be identified
and protected. In order to prioritize the protection mechanisms,
the values of assets need to be quantified. More
valuable or exposed assets require more powerful protection.
There are many risk assessment approaches that aim to provide
a metric to generate this quantification for different domains.
In software systems, these assets are reflected in resources
(e.g., a file with important information) or functional
software components (e.g., performing a bank transfer). To
protect the assets from different threats like unauthorized
access, other software components (e.g., an authenticator)
are used. These components are essential for the asset's
security properties and should therefore be considered for
further investigation such as threat modeling. Evaluating
assets only at system level may hide threats that originate
from vulnerabilities in software components, while an
extensive threat analysis of all the system's components
without prioritization is not always feasible.
In this work, we propose a metric that quantifies software
components by the assets they are able to access. Based on a
component model of the software architecture, it is possible
to identify trust domains and add filter components that
split these domains. We show how the integration of the
methodology into the development process of a distributed
manufacturing system helped us to identify critical sections
(i.e., components whose vulnerabilities may enable threats
against important assets), to reduce attack surface, to find
isolation domains and to implement security measures at the
right places.
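The abstract describes the idea but not the metric's exact definition, so the following is an added illustration, not the paper's own method: it assumes a directed component graph where an edge denotes invocation or data flow, scores each component by the summed value of every asset it can reach, and treats filter components (such as an authenticator) as trust boundaries at which transitive access stops, so the exposure behind a filter is attributed to the filter rather than to its callers. The component names and asset values are constructed for the example.

```python
"""Illustrative asset-centric scoring of software components (assumed model).

Edge A -> B means component A can invoke or pass data to B; an edge to an
asset means direct access. A component's score is the summed value of the
assets reachable from it. Filter components are trust boundaries: traversal
does not continue past them, so callers in front of a filter do not inherit
the asset exposure behind it, while the filter itself keeps the full score.
"""
from collections import deque

# Constructed sample: a small distributed manufacturing system.
EDGES = [
    ("web_ui", "authenticator"),
    ("authenticator", "order_api"),
    ("order_api", "recipe_db"),
    ("order_api", "plc_gateway"),
    ("plc_gateway", "machine_params"),
    ("web_ui", "logger"),
    ("logger", "log_file"),
]
ASSET_VALUES = {"recipe_db": 10, "machine_params": 8, "log_file": 1}  # constructed


def component_scores(edges, asset_values, filters=frozenset()):
    """Return {component: summed value of assets reachable from it}."""
    adjacency = {}
    for src, dst in edges:
        adjacency.setdefault(src, []).append(dst)
    components = set(adjacency) | {d for _, d in edges if d not in asset_values}
    scores = {}
    for start in components:
        seen, queue, total = {start}, deque([start]), 0
        while queue:
            node = queue.popleft()
            for nxt in adjacency.get(node, []):
                if nxt in seen:
                    continue
                seen.add(nxt)
                if nxt in asset_values:
                    total += asset_values[nxt]      # reached an asset
                elif nxt not in filters:
                    queue.append(nxt)               # filters are not traversed
        scores[start] = total
    return scores


def critical_sections(scores, threshold):
    """Components whose reachable-asset value meets the threshold, highest first."""
    return [c for c, s in sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
            if s >= threshold]
```

Without declaring `authenticator` a filter, `web_ui` inherits the full exposure of the back end (score 19); with it, `web_ui` drops to 1 and the authenticator surfaces as the critical section where protection belongs.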

