Jie Ren
Richard Taylor
Paul Dourish
ABSTRACT
Security is a very important concern for software architecture and software components. Previous modeling approaches provide insufficient support for an in-depth treatment of security. This paper argues for a more comprehensive treatment based on software connectors. Connectors provide a suitable vehicle to model, capture, and enforce security. Our approach models security principal, privilege, trust, and context of architectural constituents. Extending our existing architecture description language and support tools, our approach can facilitate describing the security characteristics of an architecture generating enabling infrastructure, and monitoring run-time conformance. Initial results of applying this approach are illustrated through a case study. The contribution of this research is a deeper and more comprehensive treatment of architectural security through software connectors.
- Allen, R. and Garlan, D., A Formal Basis for Architectural Connection. ACM Trans. Softw. Eng. Methodol., 1997. 6(3): p. 213--249. Google Scholar
Digital Library
- Bellovin, S. M., Security Problems in the Tcp/Ip Protocol Suite. ACM SIGCOMM Computer Communication Review, 1989. 19(2): p. 32--48. Google ScholarDigital Library
- Berghel, H., The Code Red Worm. Communications of the ACM, 2001. 44(12): p. 15--19. Google ScholarDigital Library
- Bidan, C. and Issarny, V. Security Benefits from Software Architecture. in Proceedings of 2nd International Conference on Coordination Languages and Models, p.64--80, 1997. Google ScholarDigital Library
- Bodoff, S., Armstrong, E., Ball, J., Carson, D., Evans, I., and Green, D., The J2ee#8482; Tutorial. 2nd Edition ed. 2004: Addison-Wesley Professional. Google ScholarDigital Library
- Clemm, G., Reschke, J., Sedlar, E., and Whitehead, J., Web Distributed Authoring and Versioning (Webdav) Access Control Protocol. RFC 3744, 2004. Google ScholarDigital Library
- Cuesta, C. E., Romay, M. P., Fuente, P. D. L., and Barrio-Solorzano, M. Reflection-Based, Aspect-Oriented Software Architecture. in Proceedings of 1st European Workshop on Software Architecture, p.43--56, 2004.Google Scholar
- Dashofy, E. M., van der Hoek, A., and Taylor, R. N. An Infrastructure for the Rapid Development of Xml-Based Architecture Description Languages. in Proceedings of Proceedings of the 24th International Conference on Software Engineering, p.266--276, 2002. Google ScholarDigital Library
- DeLine, R., Avoiding Packaging Mismatch with Flexible Packaging. IEEE Transactions on Software Engineering, 2001. 27(2): p. 124--143. Google ScholarDigital Library
- Deng, Y., Wang, J., Tsai, J. J. P., and Beznosov, K., An Approach for Modeling and Analysis of Security System Architectures. IEEE Transactions on Knowledge and Data Engineering, 2003. 15(5): p. 1099--1119. Google ScholarDigital Library
- DePaula, R., Ding, X., Dourish, P., Nies, K., Pillet, B., Redmiles, D., Ren, J., Rode, J., and Filho, R. S., In the Eye of the Beholder: A Visualization-Based Approach to Information System Security. Submitted to International Journal of Human-Computer Studies, 2005. Google ScholarDigital Library
- Ducasse, S. and Richner, T. Executable Connectors: Towards Reusable Design Elements. in Proceedings of 6th European conference held jointly with the 5th ACM SIGSOFT international symposium on Foundations of software engineering, p.483--499, 1997. Google ScholarDigital Library
- Filho, R. S. S., Souza, C. R. B. d., and Redmiles, D. F. The Design of a Configurable, Extensible and Dynamic Notification Service. in Proceedings of 2nd International Workshop on Distributed Event-based Systems, p. 1--8, 2003. Google ScholarDigital Library
- France, R., Ray, I., Georg, G., and Ghosh, S., Aspect-Oriented Approach to Early Design Modelling. IEE Proceedings-Software, 2004. 151(4): p. 173--185.Google ScholarCross Ref
- Jürjens, J. Umlsec: Extending Uml for Secure Systems Development. in Proceedings of UML '02: Proceedings of the 5th International Conference on The Unified Modeling Language, p.412--425, 2002. Google ScholarDigital Library
- Katara, M. and Katz, S. Architectural Views of Aspects. in Proceedings of Proceedings of the 2nd international conference on Aspect-oriented software development, p.1--10, 2003. Google ScholarDigital Library
- Lampson, B. W., A Note on the Confinement Problem. Communications of the ACM, 1973. 16(10): p. 613--15. Google ScholarDigital Library
- Lodderstedt, T., Basin, D. A., J, and Doser, R. Secureuml: A Uml-Based Modeling Language for Model-Driven Security. in Proceedings of UML '02: Proceedings of the 5th International Conference on The Unified Modeling Language, p.426--441, 2002. Google ScholarDigital Library
- Lopes, A., Wermelinger, M., and Fiadeiro, J. L., Higher-Order Architectural Connectors. ACM Transactions on Software Engineering and Methodology, 2003. 12(1): p. 64--104. Google ScholarDigital Library
- Magee, J. and Kramer, J. Dynamic Structure in Software Architectures. in Proceedings of Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering, p.3--14, 1996. Google ScholarDigital Library
- Medvidovic, N. and Taylor, R. N., A Classification and Comparison Framework for Software Architecture Description Languages. Software Engineering, IEEE Transactions on, 2000. 26(1): p. 70--93. Google ScholarDigital Library
- Mehta, N. R., Medvidovic, N., and Phadke, S. Towards a Taxonomy of Software Connectors. in Proceedings of 22nd International Conference on Software Engineering, p.178--187, 2000. Google ScholarDigital Library
- Moriconi, M., Qian, X., Riemenschneider, R. A., and Gong, L. Secure Software Architectures. in Proceedings of 1997 IEEE Symposium on Security and Privacy, p.84--93, 1997. Google ScholarDigital Library
- Ray, I., France, R., Li, N., and Georg, G., An Aspect-Based Approach to Modeling Access Control Concerns. Information and Software Technology, 2004. 46(9): p. 575--587.Google Scholar
- Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E., Role-Based Access Control Models. Computer, 1996. 29(2): p. 38--47. Google ScholarDigital Library
- Spitznagel, B. and Garlan, D. A Compositional Approach for Constructing Connectors. in Proceedings of 2nd Working IEEE/IFIP Conference on Software Architecture, p.148--157, 2001. Google ScholarDigital Library
- Sun, W. and Dai, Z. Aosam: A Formal Framework for Aspect-Oriented Software Architecture Specifications. in Proceedings of The 8th IASTED International Conference on Software Engineering and Applications, 2004.Google Scholar
- Tisato, F., Savigni, A., Cazzola, W., and Sosio, A. Architectural Reflection. Realising Software Architectures Via Reflective Activities. in Proceedings of 2nd International Workshop on Engineering Distributed Objects, p. 102--15, 2000. Google ScholarDigital Library
- Wing, J. M., A Call to Action: Look Beyond the Horizon. Security & Privacy Magazine, IEEE, 2003. 1(6): p. 62--67. Google ScholarDigital Library
- Winslett, M. An Introduction to Trust Negotiation. in Proceedings of 1st International Conference on Trust Management, p.275--283, 2003. Google ScholarDigital Library
Index Terms
- Towards an architectural treatment of software security: a connector-centric approach
Recommendations
Towards an architectural treatment of software security: a connector-centric approach
Security is a very important concern for software architecture and software components. Previous modeling approaches provide insufficient support for an in-depth treatment of security. This paper argues for a more comprehensive treatment based on ...
Reusing security solutions: a repository for architectural decision support
ECSAW '16: Proccedings of the 10th European Conference on Software Architecture WorkshopsToday, the interplay of security design and architecting is still poorly understood and architects lack knowledge about security and architectural security design. Yet, architectural knowledge on security design and its impact on other architectural ...
In Search of Architectural Patterns for Software Security
Software architects design by combining and tailoring styles, patterns, and tactics with known properties. A security-relevant research agenda will give architects a principled body of knowledge from which to reason.
Comments