Empirical Software Engineering and Measurement, International Symposium on, Metrisec vol:0 issue:0 edition:3 pages:555-564
International Symposium on Empirical Software Engineering and Measurement edition:3rd location:Lake Buena Vista, Florida, USA date:15-16 October 2009
Security principles like least privilege and attack surface reduction play an important role in the architectural phase of security engineering processes. However, the interplay between these principles and the side effects of the application of these secure design strategies on architectural qualities like maintainability have not been studied so far. Therefore it is hard to make informed trade-off decisions between security principles and between security and other qualities. This paper tackles this problem from a quantitative perspective by presenting the experimental results in the context of three case studies.