Analyzing Security Interoperability during Component Integration

Developing large software systems by integrating components has a great potential to reduce costs and time to market. However, it also poses serious threats to the nonfunctional aspects of the composed system. One such problem is how to build secure composite system from components which may or may not be individually secure. A systematic approach for determining interoperability of components from a security standpoint and unifying the security features, policies and implementation mechanisms of components is needful. This paper presents a goal-oriented and model-driven approach to analyzing the security features of components to determine interoperability and a guideline for integrating them to fulfil the security goals of the composite system. The proposed analysis procedure leads to discovery of some classes of security interoperability conflicts which helps to determine whether or not the components should be used together. We provide an empirical study by applying the proposed approach to integrate two components by unifying the security features of the components to satisfice the security goals of a student and seminar information system