Polaris: Structural Security Posture Analysis Tool
Polaris is a web-based system modelling and analysis tool for designing, analyzing, and managing the structural security posture of a software system. It allows anyone with a web browser to work on their system's structural security posture, and it simplifies the analysis into three steps: Design, Analyze, and Summarize.
Polaris helps system architects, developers, evaluators, and certifiers analyze their system’s structural security posture. Structural security posture is a security evaluation approach that evaluates a system’s preparedness to deal with knowable threats based on its structural view, and that enhances the developer’s security knowledge of the system. The structural security posture uses a collection of metrics to reflect a system’s security. It also leverages external data sources to guide the identification of vulnerabilities (thanks to integration with Merak). Polaris also enables practitioners to perform what-if analyses to improve their system’s security and make appropriate design decisions.
Related Publications
- Joe Samuel, Jason Jaskolka, and George O.M. Yee. Analyzing structural security posture to evaluate system design decisions. In Proceedings of the 21st IEEE International Conference on Software Quality, Reliability, and Security, QRS 2021, pages 8-17, Hainan Island, China, 2021.
- Joe Samuel. A Data-Driven Approach to Evaluate the Security of System Designs. Master’s Thesis, Carleton University, Ottawa, ON, Canada, 2021.