DPS: An architectural style for development of secure software

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2437, Issue , 2002, Pages 180-198

  Fenkam, Pascal ^a   Gall, Harald ^a   Jazayeri, Mehdi ^a   Kruegel, Christopher ^a  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

Author keywords

Alloy; Architectural style; Authorization and access control; Formal methods; Security engineering; Software architecture

Indexed keywords

ACCESS CONTROL; ALLOYING; FORMAL METHODS; SOFTWARE ARCHITECTURE;

ARCHITECTURAL STYLE; AUTHORIZATION AND ACCESS CONTROL; DISTRIBUTED SOFTWARE; MOBILE TEAM COLLABORATION; MULTI-USER; SECURE SOFTWARE; SECURITY ENGINEERING; SOFTWARE SYSTEMS;

ARCHITECTURE;

EID: 84944067116     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-45831-x_13     Document Type: Conference Paper

References (28)

1. Lee Badger, Daniel F. Sterne, David L. Sherman, and Kenneth M. Walker. A domain and type enforcement UNIX prototype. USENIX Computing Systems, 9(1):47–83, 1996.
2. C.A.R Hoare. Communicating Sequential Processes. Prentice Hall, 1985.
3. Premkumar Devanbu and Stuart Stubblebine. Software engineering for security: a roadmap. In ICSE 2000 Special Volume on The Future of Software Engineering, 2000.
4. Antoni Diller. Z:An Introduction To Formal Methods. Oreilly, Mai 1996.
5. Pascal Fenkam, Harald Gall, and Mehdi Jazayeri. Visual Requirements Validation: Case Study in a Corba-supported environment. In Proceedings of the 10th IEEE Joint International RequirementsEngineering Conference, Essen, Germany, page to appear, September 2002.
6. Pascal Christian Fenkam. Dynamic user management system for web sites. Master’s thesis, Graz University of Technology and Vienna University of Technology, September 2000. Available from http//www.ist.tu-graz.ac.at/publications.
7. Anup K Ghosh. Building software component from the ground up. IEEE Software, 19(1):14–16, January 2002.
8. GMD. Xql ipsi, http://xml.darmstadt.gmd.de/xql/, 2002.
9. Anthony Hall and Roderick Chapman. Correctness by construction: Developing a commercial secure system. IEEE Software, pages 18–25, February 2002.
10. Michael Howard and David LeBlanc. Writing Secure Code. Microsoft Press, 2001.
11. Daniel Jackson. Alloy: A lightweight object modelling notation. ACM Transactions on Software Engineering Methododlogy,11(2), April 2002.
12. Daniel Jackson. Automatic analysis of architectural styles. Technical report, MIT Laboratory for Computer Sciences, Software Design Group, Unpublished Manuscript. Available at http://sdg.lcs.mit.edu/ dnj/publications.html.
13. Kernighan and Pike. The Unix Programming Environment. Prentice Hall, April 1984.
14. Engin Kirda, Pascal Fenkam, Gerald Reif, and Harald Gall. A service architecture for mobile teamwork. In Proceedings of the 14th International Conference on Software Engineering Conference and Knowledge Engineering Ischia, ITALY, July 2002.
15. Charlie Lai, Li Gong, larry Koved, Anthony Nadalin, and Roland Schemers. User Authentication and Authorization in The Java Platform. In Proceedings of the 15thA nnual Computer Security Conference, Phoenix, AZ, December 1999.
16. Marry Shaw and David Garlan. Software Architecture-Perspectives on an Emerging Discipline. Prentice Hall, 1996.
17. Gary McGraw. Penetrate and patch is bad. IEEE Software, pages 15–16, February 2002.
18. Gary McGraw and Edward W. Felten. Securing Java, Getting Down to Business withMobile Code. John Wiley and Sons, Inc, 1999.
19. Gian Pietro Picco and Gianpaolo Cugola. PeerWare: Core Middleware Support for Peer-To-Peer and Mobile Systems. Technical report, Dipartimento di Electronica e Informazione, Politecnico di Milano, 2001.
20. Nico Plat and Peter Gorm Larsen. An Overview of the ISO/VDM-SL Standard. In ACM SIGPLAN Notices. ACM SIGPLAN, September 1992.
21. Gerald Reif, Engin Kirda, Harald Gall, Gian Pietro Picco, Gianpaola Cugola, and Pascal Fenkam. A web-based peer-to-peer architecture for collaborative nomadic working. In 10th IEEE Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), Boston, MA, USA. IEEE Computer Society Press, June 2001.
22. Michael P. Ressler. Security sensitive software development. In IEEE International Carnahan Conference on Security Technology (ICCST), 1989.
23. Sun Microsystem. Security code guidelines. Technical report, Sun Microsystem, February 2000. Available at http://java.sun.com/security/seccodeguide.html.
24. The Institute of Applied Computer Science, IFAD. The IFAD VDM Toolbox. IFAD Danemark, 1999. Available from www.ifad.dk.
25. The Open Group. Guide to Security Patterns, Draft 1. The Open Group, April 2002. Available at www.opengroup.org.
26. Frank Tip and Jens Palsberg. Scalable Propagation-based Call Graph Construction Algorithms. In Proceedings of the ACM Conference on Object Oriented Programming Systems, Languages and Applications (OOPSLA 2000). ACM Press, October 2000.
27. John Viega and Gary McGraw. Building Secure Software, How to Avoid Security Problems the Right Way. Addison Wesley Professional Computing Series, 2002.
28. Joseph Yoder and Jeffrey Barcalow. Architectural patterns for enabling application security. In Proceedings of the Pattern Languages of Programming (PLoP) Workshop, September 1997.