—This paper presents a model for assessing security
of enterprise systems. It focuses on the structural properties of
enterprise systems’ architectures in order to quantify their
overall security. The model is built on the well-known three-tier
architecture model and aims to identify the ways in which
security-critical data values may be transferred between
various components of the system’s architecture. This paper
extends the three-tier architecture model to add a fourth layer
which defines a set of low-level security metrics developed
based on systems’ structural characteristics, such as data
accessibility, coupling, cohesion and complexity. These metrics
then are linked to relevant components of the three layers in the
three-tier architecture model and hence defining a single
security metric for each component. By combining security
metrics of each layer’s components, a single security index is
defined that forms the security value of each layer. Finally, the
entire system’s security is summarised as a single security value.
These metrics allow different architecture of the same system,
or different systems with similar functionalities, to be compared
for their relative security at a number of different abstraction
levels at an early stage of development for any enterprise
—Security models, three-tier architecture,
security metrics, enterprise systems.
B. M. Alshammari is with the Information Technology Department,
University of Aljouf, Saudi Arabia (e-mail: firstname.lastname@example.org).
Cite: Bandar M. Alshammari, "An Assessment Model for Security-Critical Enterprise Systems," International Journal of Information and Education Technology vol. 4, no. 4, pp. 323-327, 2014.