A survey of modelling and analysis approaches for architecting secure software systems

International Journal of Network Security

Volumn 5, Issue 2, 2007, Pages 187-198

  Dai, Lirong ^a   Cooper, Kendra ^b  

^a SEATTLE UNIVERSITY   (United States)

^b The University of Texas at Dallas   (United States)

Author keywords

Aspectoriented; Formal methods; Security; Software architecture; Unified modelling language

Indexed keywords

ASPECT-ORIENTED; AUTOMATED ANALYSIS; COMPARISON CRITERION; DEVELOPMENT COSTS; DEVELOPMENT TIME; MODELLING AND ANALYSIS; POTENTIAL BENEFITS; ROLE-BASED ACCESS CONTROL; SECURE SOFTWARE; SECURE SYSTEM; SECURITY; SECURITY FLAWS; SECURITY PROPERTIES; SOFTWARE ARCHITECTURE DESIGN; SOFTWARE DEVELOPMENT LIFE CYCLE;

ACCESS CONTROL; FORMAL METHODS; PETRI NETS; SOFTWARE ARCHITECTURE; UNIFIED MODELING LANGUAGE;

SURVEYS;

EID: 57049186171     PISSN: 1816353X     EISSN: 18163548     Source Type: Journal    
DOI: None     Document Type: Article

References (31)

1. B. Arbaugh, "Security: Technical, social, and legal challenges," Computer, vol. 35, issue 2, pp. 109-111, Feb. 2002.
2. S. Balsamo, M. Marzolla, and A. D. Marco, "Ex-perimenting different software architectures performance techniques: A case study," in Proceedings of the Fourth International Workshop on Software and Performance, pp. 115-119, 2004.
3. L. Bass, P. Clements, and R. Kazman, Software Architecture in Practice (2nd Edition), Addison-Wesley, 2003.
4. J. P. Bowen, R. W. Butler, D. L. Dill, R. L. Glass, D. Gries, and A. Hall, "An invitation to formal methods," Computer, vol. 29, issue 4, pp. 16-29, 1996.
5. A. Brucker, and B. Wolff, "A case study of a formal-ized security architecture," Electronics Notes in The-oretical Computer Science, vol. 80, pp. 1-18, 2003.
6. B. Cheng, S. Honrad, L. Campbell, and R. Wasser-mann, Using Security Patterns to Model and Analyze Security Requirements, Technical Report MSU-CSE-03-18, Department of Computer Science, Michigan State University, 2003.
7. Computer Emergency Readiness Team Coordination Center (CERT/CC) 2004 E-Crime Watch, available at http://www.cert.org/about/ecrime.html
8. K. Cooper, L. Dai, and Y. Deng, "Performance modelling and analysis of software architectures: an aspect-oriented UML based approach," Journal of Science of Computer Programming, System and Soft-ware Architectures, vol. 57, no. 1, pp. 89-108, July 2005.
9. L. Dai, Formal Design Analysis Framework: An Aspect-Oriented Architectural Framework, The Uni-versity of Texas at Dallas, Ph.D. Dissertation, 2005.
10. L. Dai, K. Cooper, and E.Wong, "Modelling reusable security aspects for software architectures: a pat-tern driven approach," in Proceedings of the 17th In-ternational Conference on Software Engineering and Knowledge Engineering, pp. 163-168, July 2005.
11. N. Davis, W. Humphrey, S. T. Jr. Redwine, G. Zibul-ski, and G. McGraw, "Processes for producing secure software," IEEE Security & Privacy Magazine, vol. 2, no. 3, pp. 18-25, May-June 2004.
12. T. Doan, S. Demurjian, T. C. Ting, and A. Ket-terl, "MAC and UML for secure software design," in Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, pp. 75-85, 2004.
13. R. Filman, T. Elrad, S. Clarke, andM. Aksit, Aspect-Oriented Software Development, Addison Wesley Professional, 2005.
14. D. Garlan and M. Shaw, "An introduction to soft-ware architecture: advances in software engineering and knowledge engineering," World Scientific Pub-lishing, vol. 1, pp 1-40, 1993.
15. H. Gomaa and M. Eonsuk Shin, "Modelling com-plex systems by separating application and security concerns," in Proceedings of the Ninth IEEE Inter-national Conference on Engineering Complex Com-puter Systems, pp. 19-28, 2004.
16. B. Hashii, "Lessons learned using alloy to formally specify MLS-PCA trusted security architecture," in Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, pp. 86-95, 2004.
17. X. He, H. Yu, T. Shi, J. Ding, and Y. Deng, "For-mally analyzing software architectural specifications using SAM," Journal of Systems and Software, vol. 71, no. 1-2, pp. 11-29, 2004.
18. A. H. M. Hofstede, and H. A. Proper, "How to formalize It? Formalization principles for informa-tion system development methods," Information and Software Technology, vol. 40, no. 10, pp. 519-540, 1998.
19. G. J. Holzmann, The Spin Model Checker: Primer and Reference Manual, Addison-Wesley, 2003.
20. ISO 17799 -The Information Security Standard: In-formation technology, Code of practice for informa-tion security management, 2000.
21. J. Jurjens, "Sound methods and effective tools for model-based security engineering with UML," in Proceedings of the 27th International Conference on Software Engineering, pp. 322-331, 2005.
22. R. Laddad, AspectJ in Action: Practical Aspect-Oriented Programming, Manning Publications, 2003.
23. T. Lodderstedt, D. Basin, and J. Doser, "Se-cureUML: A UML-based modelling language for model-driven security," in Proceedings of the 5th International Conference on The Unified Modelling Language, pp. 426-441, 2002.
24. P. V. Mockapetris, Domain Names -Concepts and Facilities, IETF STD0013, November, 1987.
25. A. Ray, "Security check: a formal yet practical framework for secure software architecture," in Pro-ceedings of the 2003 Workshop on New Security Paradigms, pp. 59-65, 2003.
26. J. Rumbaugh, I. Jacobson, and G. Booch, The Uni-fied Modelling Language Reference Manual, 2nd Edi-tion, Addison-Wesley, Reading, MA, 2004.
27. J. Saltzer andM. Schroeder, "The protection of infor-mation in computer systems," Proceedings of IEEE, vol. 63, no. 9, pp. 1278-1308, 1975.
28. M. Shaw and D. Garlan, Software Architecture: Per-spectives in an Emerging Discipline, Prentice Hall, 1996.
29. Software Design Group, the Alloy Analyzer, archived at http://alloy.mit.edu, 2002-2005.
30. B. Win, W. Joosen, and f. Piessens, "Develop-ing secure applications through aspect-oriented pro-gramming," Aspect-Oriented Software Development (ISBN: 0321219767), pp. 633-651, 2005.
31. H. Yu, X. He, S. Gao, and Y. Deng, "Formal software architecture design of secure distributed systems," in Proceedings of the Fifteenth International Conference on Software Engineering and Knowledge Engineering (SEKE';03), pp. 450-457, 2003.