Security characterisation and integrity assurance for component-based software

Software systems are increasingly being assembled from components that are developed by and purchased from third parties, for technical and economic gains. In such component-based software development, the functionality and quality-of-service attributes of the software components should be clearly and adequately specified (or packaged) through their interfaces, so that the characteristics of the systems assembled from the components can be analysed relative to the system requirements. In this paper, we consider one particular quality-of-service attribute, i.e. security, and outline an approach to (1) specifying the security characteristics of software components and (2) analysing the security properties of component-based systems in terms of their component characteristics and system architectures. The approach is partially based on the Common Criteria for Information Technology Security Evaluation (ISO/IEC International Standard 15408). In addition, we also introduce out work on ensuring the integrity of software components as part of the infrastructural support for component-based software engineering