Security characterisation of software components and their composition

Proposes a security characterisation structure of software components and their composition. The structure provides a preliminary modelling of the security properties of stand-alone software components and some of their compositional primitives. In this paper, we are particularly interested in security properties related to user data protection of software components. The proposed compositional specification makes an attempt to model the resulting effect between the security attributes of two contracting components. The compositional specification structure can capture the results of the combined security specifications of two participating components in a contract. Our security specification syntax is based on four compositional elements: the identities of the contracting components, the actions to be performed in a compositional relationship, the security attributes supported by the components, and the resources to be used by other components. The structure is used in an example of secure interactions over a network in order to illustrate the applicability of the proposed work