Abstract-This paper presents a model for assessing security of enterprise systems. It focuses on the structural properties of enterprise systems' architectures in order to quantify their overall security. The model is built on the well-known three-tier architecture model and aims to identify the ways in which security-critical data values may be transferred between various components of the system's architecture. This paper extends the three-tier architecture model to add a fourth layer which defines a set of low-level security metrics developed based on systems' structural characteristics, such as data accessibility, coupling, cohesion and complexity. These metrics then are linked to relevant components of the three layers in the three-tier architecture model and hence defining a single security metric for each component. By combining security metrics of each layer's components, a single security index is defined that forms the security value of each layer. Finally, the entire system's security is summarised as a single security value. These metrics allow different architecture of the same system, or different systems with similar functionalities, to be compared for their relative security at a number of different abstraction levels at an early stage of development for any enterprise system. Index Terms-Security models, three-tier architecture, security metrics, enterprise systems.
I. INTRODUCTIONMuch existing software is designed with poor consideration of information security which makes it vulnerable to many threats including malicious attacks [1]. Software patches are one of the suggested solutions for many of the security attacks facing software [1] but they are expensive to develop and deploy, and do not solve basic design weaknesses in the program code. Another solution to achieve a secure product is by following a trustworthy security process [2]. Security processes, in general, consider many aspects of system design, coding, testing, and auditing [2] (e.g., international security standards such as the Common Criteria [3] or the Trusted Computer Criteria [4]). Another common approach for achieving a secure computer program is by following certain coding guidelines which focus on the level of individual program statements (e.g., to avoid/detect buffer overflows [5]). However, these solutions do not always work effectively and may, in general, even introduce new vulnerabilities to existing software [1].The most promising approach is the one which is capable of quantifying security of a given system at an early stage of development (i.e., security metrics). Several types of metrics Manuscript received September 14, 2013; revised November 25, 2013. B. M. Alshammari is with the Information Technology Department, University of Aljouf, Saudi Arabia (e-mail: bmshammeri@ju.edu.sa).have been defined in the literature which aim to measure security of programs. These include metrics which assess security at the abstract system architecture level [6], at the design phase [7], [8], and at the low level of program cod...