DocumentCode
3054162
Title
Formal analysis of software security system architectures
Author
Deng, Yi ; Wang, Jiacun ; Tsai, Jeffrey J P
Author_Institution
Dept. of Comput. Sci., Texas Univ., Dallas, TX, USA
fYear
2001
fDate
2001
Firstpage
426
Lastpage
434
Abstract
We present an approach for the analysis of security system architectures. Constraint patterns are introduced to formally specify the generic form of security policies that all implementations of the system architecture must enforce. The analysis is driven by incrementally decomposing a system-wide constraint pattern into a set of constraint patterns of constituent components. Since there are potentially many ways to partition a security system, a key element of the analysis is to verify that the component constraint patterns are collectively consistent with the global constraint pattern under the given architecture. A "consistent" component constraint is then used as the basis for analyzing possible designs of the component. We show that our approach is both flexible and scalable: it not only ensures the consistency of critical early design decisions, but also provides a framework to guide correct implementations of the design.
Keywords
security of data; software architecture; constraint patterns; design decision consistency; formal specification; software security system architectures; Computer architecture; Computer science; Computer security; IP networks; Information resources; Information security; Modems; Pattern analysis; Protection; Software systems
fLanguage
English
Publisher
ieee
Conference_Titel
Autonomous Decentralized Systems, 2001. Proceedings. 5th International Symposium on
Conference_Location
Dallas, TX
Print_ISBN
0-7695-1065-5
Type
conf
DOI
10.1109/ISADS.2001.917448
Filename
917448