Leveraging architectural models to inject trust into software systems

SESS 2005 - Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications

Volumn , Issue , 2005, Pages

  Banerjee, Somo ^a   Mattmann, Chris A ^a,b   Medvidovic, Nenad ^a   Golubchik, Leana ^a,c  

^a University of Southern California   (United States)

^b CALIFORNIA INSTITUTE OF TECHNOLOGY   (United States)

^c UNIVERSITY OF SOUTHERN CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATION PROGRAMS; LIFE CYCLE; NETWORK SECURITY; SOFTWARE ARCHITECTURE;

ARCHITECTURAL MODELS; KEY ELEMENTS; PROBLEM AREAS; SOFTWARE DEVELOPMENT LIFE CYCLE; SOFTWARE SYSTEMS;

SOFTWARE DESIGN;

EID: 85088201822     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1083200.1083213     Document Type: Conference Paper

References (44)

1. Chung, L., Nixon, B.A., Yu, E. and Mylopoulos, J. Non-Functional Requirements in Software Engineering. Kluwer Academic Publishers, Boston Hardbound, ISBN 0-7923-8666-3 October 1999, 472 pp.
2. Bernstein, L. Trustworthy Software Systems. ACM SIGSOFT Software Engineering Notes, Page 4, Vol 30 No. 1, January 2005.
3. Gasser, M. Building a secure computer system. Van Nostrand Reinhold Co., New York, NY, USA, ISBN 0-442-23022-2 1988, 288 pp.
4. Devanbu, P.T., and Stubblebine, S. Software Engineering for Security: a Roadmap. In The Future of Software Engineering. Special volume of the proceedings of the 22nd International Conference on Software Engineering, June 2000.
5. Perry, D.E. and Wolf, A.L. Foundations for the Study of Software Architecture. ACM SIGSOFT Software Engineering Notes, Volume 17, Number 4, 1992.
6. Medvidovic, N., Mikic-Rakic, M., and Mehta, N. Improving Dependability of Component-Based Systems via Multi-Versioning Connectors. In Architecting Dependable Systems. Lecture Notes in Computer Science (LCNS 2677). R. de Lemos, C. Gacek, and A. Romanovsky (Eds.), 2003.
7. Roshandel, R. Calculating Architectural Reliability via Modeling and Analysis. In Proceeding of the Doctoral Symposium of the 26th International Conference on Software Engineering (ICSE26), Edinburgh, UK, May 2004.
8. Littlewood, B. and Strigini, L. Software reliability and dependability: a roadmap. In Proceedings of the Conference on The Future of Software Engineering, Limerick, Ireland, pp. 175-188, 2000.
9. Misra K. Reliability Analysis and Prediction, Elsevier, 1992.
10. Medvidovic, N. and Taylor, R. N. A Classification and Comparison Framework for Software Architecture Description Languages. IEEE Transactions on Software Engineering, Vol. 26, No. 1, pp. 70-93, January, 2000.
11. Goel, A.L. and Okumoto K. Time-Dependent Error-Detection Rate Models for Software Reliability and Other Performance Measures, IEEE Trans. on Reliability, 28(3):206-211, 1979.
12. Jelinski, Z. and Moranda, P. B. Software Reliability Research, Statistical Computer Performance Evaluation, edited by W. Freigerger, Academic Press, 1972.
13. Wang W., Wu Y., and Chen M. An architecture-based software reliability model, in Proc. of Pacific Rim International Symposium on Dependable Computing, 1999.
14. Mikic-Rakic, M., and Medvidovic, N. Software Architectural Support for Disconnected Operation in Highly Distributed Environments. Proceedings of International Symposium on Component-based Software Engineering, pp. 23-39, 2004.
15. Bashir, I., Serafini, E., and Wall, K. Securing network software applications: introduction. Communications of the ACM, Vol. 44, Issue 2, pp. 28-30, February 2001.
16. Department of Defense. DOD Trusted Computer System Evaluation Criteria. DOD 5200.28-STD. Washington D.C. Department of Defense (U.S. Government Printing Office number 008-000-00461-7), 1985.
17. Shaw, M., Clements, P. A Field Guide to Boxology: Preliminary Classification of Architectural Styles for Software Systems. Proc. COMPSAC97, 21st Int'l Computer Software and Applications Conference, pp. 6-13, August 1997.
18. McLean, J. Security models. In J. Marciniak, editor, Encyclopedia of Software Engineering. Wiley Press, 1994.
19. Bell, D. and LaPadula, L. Secure computer systems: Unified exposition and multics interpretation. Technical Report ESDTR- 75-306, MITRE Corp., Bedford, Mass., March 1976.
20. Jurjens, J. Towards Secure Systems Development with UMLsec. In Fundamental Approaches to Software Engineering (FASE/ETAPS 2001).
21. Mattmann, C, Malek, S, Beckman, N, Mikic-Rakic, M, Medvidovic, N, and Crichton, D. GLIDE: A Grid-based, Lightweight Infrastructure for Data-intensive Environments, Proceedings of 2005 European Grid Conference, Feb. 2005.
22. Bidan, C. and Issarny, V. Security benefits from software architecture. In Proceedings of COORDINATION'97: Coordination Languages and Models, pages 64-80, 1997.
23. Mattmann, C, Crichton, D, Hughes, J.S., Kelly, S., and Ramirez, P. Software Architecture for Large-scale, Distributed, Data-intensive Systems. Proceedings of IEEE/IFIP Working Conference on Software Architecture, June 2004.
24. Xenitellis, S. (2002a). Security vulnerabilities in event-driven systems. Proceedings of IFIP SEC'2002. Pp. 147-160.
25. Xenitellis, S. A New Avenue of Attack: Event-driven System Vulnerabilities. Proceedings of European Conference on Information Warfare and Security, MCIL. Pp. 177-185.
26. Li, P., and Zdancewic, S. Practical Information-flow Control in Web-based Information Systems. Submitted, Nov. 2004. Paper available at: http://www.seas.upenn.edu/~lipeng/homepage/ papers/lz05sp.pdf.
27. Wohlstadter, E., Jackson, S., Devanbu, P. DADO: Enhancing middleware to support cross-cutting features in distributed, heterogeneous systems, Proceedings of the International Conference on Software Engineering, 2003.
28. Baumann A., Appavoo, J., Da Silva, D., Krieger, O.and Wisniewski, R.W. Improving Operating System Availability With Dynamic Update, OASIS (Workshop on Operating System and Architectural Support for the on demand IT Infra-Structure) pp. 21-27, October 9, 2004, Boston Massachusetts.
29. Hicks, M., Moore, J. T., and Nettles, S. Dynamic software updating. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 13-23. ACM, June 2001.
30. Knight, J. C. and Leveson, N. G. An Experimental Evaluation of the Assumption of Independence in Multi-version Programming, IEEE Transactions on Software Engineering, Vol. SE-12, No. 1 (January 1986), pp. 96-109.
31. Shimeall, T. J. and Leveson, N. G. An Empirical Comparison of Software Fault Tolerance and Fault Elimination. IEEE Transactions on Software Engineering, vol. 17, no. 2, pp. 173-182, February 1991.
32. Moore, A. P. & Ellison, R. J. TRIAD: A Framework for Survivability Architecting. Proceedings of the Workshop on Survivable and Self-Regenerative Systems, 10th ACM Conference on Computer and Communications Security. Washington, D.C., October 31, 2003.
33. ACM SIGSOFT Workshop on Self-Healing Systems (WOSS02), http://www-2.cs.cmu.edu/~garlan/woss02/, 2002.
34. ACM SIGSOFT Workshop on Self-Healing Systems (WOSS04), http://www-2.cs.cmu.edu/~garlan/woss04/, 2004.
35. 2003 ACM Workshop on Survivable and Self-Regenerative Systems, http://ist.psu.edu/s2/ACM-SRS.html, 2003.
36. Ying, S. Fault Tolerance Computing - Draft. http://www.ece.cmu.edu/~koopman/ des-s99/fault-tolerant/index.html.
37. M. R. Lyu, ed., Software Fault Tolerance Chichester, England: John Wiley and Sons, Inc., 1995.
38. Lee, I. and Iyer, R.K. Faults, Symptoms, and Software Fault Tolerance in the Tandem GUARDIAN90 Operating System, IEEE 1993, pp. 20-29.
39. Mikic-Rakic, M. and Medvidovic, N. Towards a Framework for Classifying Disconnected Operation Techniques. Proceedings of the ICSE Workshop on Architecting Dependable Systems, 2003.
40. Shaw, M. and Garlan, D. Software Architecture: Perspectives on an Emerging Discipline. Prentice Hall, ISBN 0-13-182957-2, 242 pp.
41. Goseva - Popstojanova, K. and Trivedi, K.S. Architecture Based Software Reliability. Proc. of ASSM 2000 Int. Conf on Applied Stochastic System Modeling, March 2000, Kyoto, Japan.
42. Rosenberg, L., Hammer, T. and Shaw, J. Software Metrics and Reliability. Proceedings of IEEE International Symposium on Software Reliability Engineering, 1998.
43. Ellison, R.J., Fisher, D.A., Linger, R.C., Lipson, H.F., Longstaff, T.A., Mead, N. Survivability: Protecting Your Critical Systems. IEEE Internet Computing, Vol. 3, No. 6, 1999.
44. http://www-scf.usc.edu/~sbanerje/Trustworthiness/trust-taxonomy. Pdf