ABSTRACT
Software systems have become markedly more durable and their lifetimes have lengthened significantly. They are increasingly distributed and decentralized, and our dependence on them has grown tremendously. As a result, trustworthiness and security have become prime concerns in designing, constructing, and evolving software systems. However, the exact meanings of these concepts are not universally agreed upon, nor is their role in the different phases of the software development lifecycle. In this paper, we argue that trustworthiness is a broader term than security, and that the two are often interdependent. We then identify a set of dimensions of trustworthiness. Finally, we analyze how the key elements of a software system's architecture can be leveraged in support of those trustworthiness dimensions. Our ultimate goal is to apply these ideas in the context of a concrete software architecture project; the goal of this paper is more modest: to understand the problem area and its relation to software architecture.
CITED BY 3

Zheng Yan, Christian Prehofer, and Valtteri Niemi. Trust4All: a trustworthy middleware platform for component software. Proceedings of the 7th WSEAS International Conference on Applied Informatics and Communications, pp. 124-129, August 24-26, 2007, Vouliagmeni, Athens, Greece.