article

Towards an architectural treatment of software security: a connector-centric approach

Authors:

Richard Taylor,

David RedmilesAuthors Info & Claims

ACM SIGSOFT Software Engineering Notes, Volume 30, Issue 4

Pages 1 - 7

https://doi.org/10.1145/1082983.1083203

Published: 15 May 2005 Publication History

Abstract

Security is a very important concern for software architecture and software components. Previous modeling approaches provide insufficient support for an in-depth treatment of security. This paper argues for a more comprehensive treatment based on software connectors. Connectors provide a suitable vehicle to model, capture, and enforce security. Our approach models security principal, privilege, trust, and context of architectural constituents. Extending our existing architecture description language and support tools, our approach can facilitate describing the security characteristics of an architecture generating enabling infrastructure, and monitoring run-time conformance. Initial results of applying this approach are illustrated through a case study. The contribution of this research is a deeper and more comprehensive treatment of architectural security through software connectors.

References

[1]

Allen, R. and Garlan, D., A Formal Basis for Architectural Connection. ACM Trans. Softw. Eng. Methodol., 1997. 6(3): p. 213--249.

Digital Library

[2]

Bellovin, S. M., Security Problems in the Tcp/Ip Protocol Suite. ACM SIGCOMM Computer Communication Review, 1989. 19(2): p. 32--48.

Digital Library

[3]

Berghel, H., The Code Red Worm. Communications of the ACM, 2001. 44(12): p. 15--19.

Digital Library

[4]

Bidan, C. and Issarny, V. Security Benefits from Software Architecture. in Proceedings of 2nd International Conference on Coordination Languages and Models, p.64--80, 1997.

Digital Library

[5]

Bodoff, S., Armstrong, E., Ball, J., Carson, D., Evans, I., and Green, D., The J2ee#8482; Tutorial. 2nd Edition ed. 2004: Addison-Wesley Professional.

Digital Library

[6]

Clemm, G., Reschke, J., Sedlar, E., and Whitehead, J., Web Distributed Authoring and Versioning (Webdav) Access Control Protocol. RFC 3744, 2004.

Digital Library

[7]

Cuesta, C. E., Romay, M. P., Fuente, P. D. L., and Barrio-Solorzano, M. Reflection-Based, Aspect-Oriented Software Architecture. in Proceedings of 1st European Workshop on Software Architecture, p.43--56, 2004.

[8]

Dashofy, E. M., van der Hoek, A., and Taylor, R. N. An Infrastructure for the Rapid Development of Xml-Based Architecture Description Languages. in Proceedings of Proceedings of the 24th International Conference on Software Engineering, p.266--276, 2002.

Digital Library

[9]

DeLine, R., Avoiding Packaging Mismatch with Flexible Packaging. IEEE Transactions on Software Engineering, 2001. 27(2): p. 124--143.

Digital Library

[10]

Deng, Y., Wang, J., Tsai, J. J. P., and Beznosov, K., An Approach for Modeling and Analysis of Security System Architectures. IEEE Transactions on Knowledge and Data Engineering, 2003. 15(5): p. 1099--1119.

Digital Library

[11]

DePaula, R., Ding, X., Dourish, P., Nies, K., Pillet, B., Redmiles, D., Ren, J., Rode, J., and Filho, R. S., In the Eye of the Beholder: A Visualization-Based Approach to Information System Security. Submitted to International Journal of Human-Computer Studies, 2005.

Digital Library

[12]

Ducasse, S. and Richner, T. Executable Connectors: Towards Reusable Design Elements. in Proceedings of 6th European conference held jointly with the 5th ACM SIGSOFT international symposium on Foundations of software engineering, p.483--499, 1997.

Digital Library

[13]

Filho, R. S. S., Souza, C. R. B. d., and Redmiles, D. F. The Design of a Configurable, Extensible and Dynamic Notification Service. in Proceedings of 2nd International Workshop on Distributed Event-based Systems, p. 1--8, 2003.

Digital Library

[14]

France, R., Ray, I., Georg, G., and Ghosh, S., Aspect-Oriented Approach to Early Design Modelling. IEE Proceedings-Software, 2004. 151(4): p. 173--185.

[15]

Jürjens, J. Umlsec: Extending Uml for Secure Systems Development. in Proceedings of UML '02: Proceedings of the 5th International Conference on The Unified Modeling Language, p.412--425, 2002.

Digital Library

[16]

Katara, M. and Katz, S. Architectural Views of Aspects. in Proceedings of Proceedings of the 2nd international conference on Aspect-oriented software development, p.1--10, 2003.

Digital Library

[17]

Lampson, B. W., A Note on the Confinement Problem. Communications of the ACM, 1973. 16(10): p. 613--15.

Digital Library

[18]

Lodderstedt, T., Basin, D. A., J, and Doser, R. Secureuml: A Uml-Based Modeling Language for Model-Driven Security. in Proceedings of UML '02: Proceedings of the 5th International Conference on The Unified Modeling Language, p.426--441, 2002.

Digital Library

[19]

Lopes, A., Wermelinger, M., and Fiadeiro, J. L., Higher-Order Architectural Connectors. ACM Transactions on Software Engineering and Methodology, 2003. 12(1): p. 64--104.

Digital Library

[20]

Magee, J. and Kramer, J. Dynamic Structure in Software Architectures. in Proceedings of Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering, p.3--14, 1996.

Digital Library

[21]

Medvidovic, N. and Taylor, R. N., A Classification and Comparison Framework for Software Architecture Description Languages. Software Engineering, IEEE Transactions on, 2000. 26(1): p. 70--93.

Digital Library

[22]

Mehta, N. R., Medvidovic, N., and Phadke, S. Towards a Taxonomy of Software Connectors. in Proceedings of 22nd International Conference on Software Engineering, p.178--187, 2000.

Digital Library

[23]

Moriconi, M., Qian, X., Riemenschneider, R. A., and Gong, L. Secure Software Architectures. in Proceedings of 1997 IEEE Symposium on Security and Privacy, p.84--93, 1997.

Digital Library

[24]

Ray, I., France, R., Li, N., and Georg, G., An Aspect-Based Approach to Modeling Access Control Concerns. Information and Software Technology, 2004. 46(9): p. 575--587.

[25]

Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E., Role-Based Access Control Models. Computer, 1996. 29(2): p. 38--47.

Digital Library

[26]

Spitznagel, B. and Garlan, D. A Compositional Approach for Constructing Connectors. in Proceedings of 2nd Working IEEE/IFIP Conference on Software Architecture, p.148--157, 2001.

Digital Library

[27]

Sun, W. and Dai, Z. Aosam: A Formal Framework for Aspect-Oriented Software Architecture Specifications. in Proceedings of The 8th IASTED International Conference on Software Engineering and Applications, 2004.

[28]

Tisato, F., Savigni, A., Cazzola, W., and Sosio, A. Architectural Reflection. Realising Software Architectures Via Reflective Activities. in Proceedings of 2nd International Workshop on Engineering Distributed Objects, p. 102--15, 2000.

Digital Library

[29]

Wing, J. M., A Call to Action: Look Beyond the Horizon. Security & Privacy Magazine, IEEE, 2003. 1(6): p. 62--67.

Digital Library

[30]

Winslett, M. An Introduction to Trust Negotiation. in Proceedings of 1st International Conference on Trust Management, p.275--283, 2003.

Digital Library

Cited By

Shin MGomaa HPathirage D(2019)A Software Product Line Approach to Design Secure Connectors in Component-Based Software ArchitecturesSoftware Technologies10.1007/978-3-030-29157-0_17(372-396)Online publication date: 13-Aug-2019
https://doi.org/10.1007/978-3-030-29157-0_17
Jasser SRiebisch MBahsoon RWeinreich R(2016)Reusing security solutionsProccedings of the 10th European Conference on Software Architecture Workshops10.1145/2993412.3007556(1-7)Online publication date: 28-Nov-2016
https://dl.acm.org/doi/10.1145/2993412.3007556
Uzunov AFernandez EFalkner K(2015)Security solution frames and security patterns for authorization in distributed, collaborative systemsComputers and Security10.1016/j.cose.2015.08.00355:C(193-234)Online publication date: 1-Nov-2015
https://dl.acm.org/doi/10.1016/j.cose.2015.08.003
Show More Cited By

Index Terms

Towards an architectural treatment of software security: a connector-centric approach
1. Software and its engineering
  1. Software creation and management
    1. Designing software
      1. Software implementation planning
        Software design techniques
    2. Software development process management

Recommendations

Towards an architectural treatment of software security: a connector-centric approach
SESS '05: Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications

Security is a very important concern for software architecture and software components. Previous modeling approaches provide insufficient support for an in-depth treatment of security. This paper argues for a more comprehensive treatment based on ...
In Search of Architectural Patterns for Software Security

Software architects design by combining and tailoring styles, patterns, and tactics with known properties. A security-relevant research agenda will give architects a principled body of knowledge from which to reason.
Software Architectural Design Meets Security Engineering
ECBS '09: Proceedings of the 2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems

Security requirements strongly influence the architectural design of complex IT systems in a similar way as other non-functional requirements. Both security engineering as well as software engineering provide methods to deal with such requirements. ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM SIGSOFT Software Engineering Notes

ACM SIGSOFT Software Engineering Notes Volume 30, Issue 4

July 2005

1514 pages

ISSN:0163-5948

DOI:10.1145/1082983

Issue’s Table of Contents

SESS '05: Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
May 2005
112 pages
ISBN:1595931147
DOI:10.1145/1083200

Copyright © 2005 Copyright is held by the owner/author(s).

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 May 2005

Published in SIGSOFT Volume 30, Issue 4

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
1,263
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Shin MGomaa HPathirage D(2019)A Software Product Line Approach to Design Secure Connectors in Component-Based Software ArchitecturesSoftware Technologies10.1007/978-3-030-29157-0_17(372-396)Online publication date: 13-Aug-2019
https://doi.org/10.1007/978-3-030-29157-0_17
Jasser SRiebisch MBahsoon RWeinreich R(2016)Reusing security solutionsProccedings of the 10th European Conference on Software Architecture Workshops10.1145/2993412.3007556(1-7)Online publication date: 28-Nov-2016
https://dl.acm.org/doi/10.1145/2993412.3007556
Uzunov AFernandez EFalkner K(2015)Security solution frames and security patterns for authorization in distributed, collaborative systemsComputers and Security10.1016/j.cose.2015.08.00355:C(193-234)Online publication date: 1-Nov-2015
https://dl.acm.org/doi/10.1016/j.cose.2015.08.003
Saidane AGuelfi N(2011)Towards improving security testability of AADL architecture models2011 5th International Conference on Network and System Security10.1109/ICNSS.2011.6060029(353-357)Online publication date: Sep-2011
https://doi.org/10.1109/ICNSS.2011.6060029
Kylikowski EScandariato RJoosen W(2008)Using Multi-Level Security Annotations to Improve Software AssuranceProceedings of the 2008 11th IEEE High Assurance Systems Engineering Symposium10.1109/HASE.2008.60(471-474)Online publication date: 3-Dec-2008
https://dl.acm.org/doi/10.1109/HASE.2008.60
Shin MGomaa H(2007)Software requirements and architecture modeling for evolving non-secure applications into secure applicationsScience of Computer Programming10.1016/j.scico.2006.10.00966:1(60-70)Online publication date: 1-Apr-2007
https://dl.acm.org/doi/10.1016/j.scico.2006.10.009
Shin MGomaa HPathirage D(2016)Reusable Secure Connectors for Secure Software ArchitectureProceedings of the 15th International Conference on Software Reuse: Bridging with Social-Awareness - Volume 967910.1007/978-3-319-35122-3_13(181-196)Online publication date: 5-Jun-2016
https://dl.acm.org/doi/10.1007/978-3-319-35122-3_13
Slotos TSeinturier LAlmeida ECarlson J(2014)A specification schema for software connectorsProceedings of the 17th international ACM Sigsoft symposium on Component-based software engineering10.1145/2602458.2602464(139-148)Online publication date: 27-Jun-2014
https://dl.acm.org/doi/10.1145/2602458.2602464
Firdaus AGhani IJeong S(2014)Secure Feature Driven Development (SFDD) Model for Secure Software DevelopmentProcedia - Social and Behavioral Sciences10.1016/j.sbspro.2014.03.712129(546-553)Online publication date: May-2014
https://doi.org/10.1016/j.sbspro.2014.03.712
Uddin MShahriar HZulkernine M(2007)ACIRProceedings of the 31st Annual International Computer Software and Applications Conference - Volume 0210.1109/COMPSAC.2007.49(249-254)Online publication date: 24-Jul-2007
https://dl.acm.org/doi/10.1109/COMPSAC.2007.49

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents