Measuring the interplay of security principles in software architectures

Security principles like least privilege and attack surface reduction play an important role in the architectural phase of security engineering processes. However, the interplay between these principles and the side effects of the application of these secure design strategies on architectural qualities like maintainability have not been studied so far. Therefore it is hard to make informed trade-off decisions between security principles and between security and other qualities. This paper tackles this problem from a quantitative perspective by presenting the experimental results in the context of three case studies.status: publishe