Analyzing security architectures

ASE'10 - Proceedings of the IEEE/ACM International Conference on Automated Software Engineering

Volumn , Issue , 2010, Pages 3-12

  Abi Antoun, Marwan ^a   Barnes, Jeffrey M ^b  

^a Wayne State University   (United States)

^b Carnegie Mellon University ^*  (United States)

Author keywords

Design; Security; Verification

Indexed keywords

ARCHITECTURAL TYPES; ARCHITECTURE DESCRIPTION LANGUAGES; GLOBAL CONSTRAINTS; JAVA IMPLEMENTATION; OBJECT GRAPHS; OBJECT-ORIENTED IMPLEMENTATION; RUNTIME ARCHITECTURE; RUNTIMES; SECURITY; SECURITY ARCHITECTURE; SECURITY EXPERTS; SEMI-AUTOMATED; SEPARATE ANALYSIS; TARGET ARCHITECTURES;

AUTOMATION; SOFTWARE ENGINEERING;

STATIC ANALYSIS;

EID: 78649767916     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1858996.1859001     Document Type: Conference Paper

References (39)

1. www.cs.wayne.edu/~mabianto/cryptodb/2010.
2. M. Abi-Antoun and J. Aldrich. Static extraction and conformance analysis of hierarchical runtime architectural structure using annotations. In OOPSLA, 2009.
3. M. Abi-Antoun and J. M. Barnes. Enforcing conformance between security architecture and implementation. Technical Report CMU-ISR-09-113, Carnegie Mellon Univ., 2009.
4. M. Abi-Antoun and J. M. Barnes. STRIDE-based security model in Acme. Technical Report CMU-ISR-10-106, Carnegie Mellon Univ., 2010.
5. M. Abi-Antoun, D. Wang, and P. Torr. Checking threat modeling data flow diagrams for implementation conformance and security. In ASE, pages 393-396, 2007. Short paper/poster.
6. J. Aldrich and C. Chambers. Ownership domains: Separating aliasing policy from mechanism. In ECOOP, 2004.
7. A. Bittau, P. Marchenko, M. Handley, and B. Karp. Wedge: Splitting applications into reduced-privilege compartments. In NSDI, 2008.
8. P. Clements et al. Documenting software architectures: views and beyond. Addison-Wesley, 2003.
9. CORAS. http://coras.sourceforge.net, 2006.
10. Y. Deng, J. Wang, J. J. P. Tsai, and K. Beznosov. An approach for modeling and analysis of security system architectures. Knowledge & Data Eng., 15(5), 2003.
11. S. Ducasse and D. Pollet. Software architecture reconstruction: a process-oriented taxonomy. TSE, 35(4), 2009.
12. D. Garlan, R. Monroe, and D. Wile. Acme: architectural description of component-based systems. In Component-based systems. Cambridge Univ., 2000.
13. B. Hackett et al. Modular checking for buffer overflows in the large. In ICSE, 2006.
14. H. J. Hoover and D. Hou. Using SCL to specify and check design intent in source code. TSE, 32(6), 2006.
15. M. Howard and D. LeBlanc. Writing secure code. Microsoft Press, 2nd edition, 2003.
16. M. Howard and S. Lipner. The security development lifecycle. Microsoft Press, 2006.
17. D. Jackson and A. Waingold. Lightweight extraction of object models from bytecode. TSE, 27(2), 2001.
18. J. Jürjens. Secure systems development with UML. Springer, 2004.
19. K. Kenan. Cryptography in the database. Addison-Wesley, 2006. Code at http://kevinkenan.blogs.com/downloads/cryptodb-code.zip.
20. D. Kirk, M. Roper, and M. Wood. Identifying and addressing problems in object-oriented framework reuse. Empirical Softw. Eng., 12(3), 2006.
21. J. Knodel and D. Popescu. A comparison of static architecture compliance checking approaches. In WICSA, 2007.
22. R. Koschke. Architecture reconstruction: Tutorial on reverse engineering to the architectural level. In Intl. Summer School on Software Engineering, 2008.
23. M. Krohn et al. Information flow control for standard OS abstractions. In SOSP, 2007.
24. T. Lodderstedt, D. A. Basin, and J. Doser. SecureUML: A UML-based modeling language for model-driven security. In UML, 2002.
25. D. C. Luckham and J. Vera. An event-based architecture definition language. TSE, 21(9), 1995.
26. Microsoft threat modeling tool. http://msdn.microsoft.com/en-us/security/ sdl-threat-modeling-tool.aspx, 2007.
27. A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to analysis for Java. TOSEM, 14(1), 2005.
28. N. Mitchell, E. Schonberg, and G. Sevitsky. Making sense of large heaps. In ECOOP, 2009.
29. R. Monroe. Capturing software architecture design expertise with Armani. Technical Report CMU-CS-98-163R, Carnegie Mellon Univ., 2001.
30. M. Moriconi, X. Qian, R. A. Riemenschneider, and L. Gong. Secure software architectures. In IEEE Security & Privacy, 1997.
31. G. C. Murphy, D. Notkin, and K. J. Sullivan. Software reflexion models: Bridging the gap between design and implementation. TSE, 27(4), 2001.
32. A. C. Myers. JFlow: Practical mostly-static information flow control. In POPL, 1999.
33. M. Sagiv, T. Reps, and R. Wilhelm. Parametric shape analysis via 3-valued logic. In POPL, 1999.
34. B. Schmerl, J. Aldrich, D. Garlan, R. Kazman, and H. Yan. Discovering architectures from running systems. TSE, 32(7), 2006.
35. M. Sefika, A. Sane, and R. H. Campbell. Monitoring compliance of a software system with its high-level design models. In ICSE, 1996.
36. F. Swiderski and W. Snyder. Threat modeling. Microsoft Press, 2004.
37. P. Tonella and A. Potrich. Reverse engineering of object-oriented code. Springer, 2004.
38. P. Torr. Demystifying the threat-modeling process. IEEE Security & Privacy, 3(5), 2005.
39. N. Zeldovich, S. Boyd-Wickizer, and D. Mazières. Securing distributed systems with information flow control. In NSDI, 2008.