A formal approach to designing secure software architectures

Software architecture plays a central role in developing software systems that provide basic functionality and satisfy critical properties such as reliability and security. However, little has been done to formally model software architectures and to systematically enforce required properties. We aim to propose a formal approach to designing secure software architectures. We use the software architecture model (SAM), a general software architecture model combining Petri nets and temporal logic, as the underlying formalism. Architecture design consists of a functionality part and a security part. Guidelines are proposed to design the functionality of software architectures at both the element level and the composition level. Software security is enforced by stepwise refinement.
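To make the combination of a Petri net (behaviour) with a temporal-logic property (requirement) concrete, here is a small added example that is not part of the paper and does not use SAM's own notation: a place/transition net of an access-control component is explored exhaustively, and the safety formula "always (tokens in `access` never exceed tokens in `audit`)" is checked in every reachable marking. The "draft" net contains a `bypass` transition that grants access without authentication; the "refined" net removes it, which is the kind of stepwise refinement the abstract refers to. The place names, transitions, initial marking and property are all constructed assumptions.

```python
"""Toy Petri-net model of an access-control component, checked against a
temporal safety property by exhaustive reachability analysis.

Constructed example: the net, its place names and the property are
assumptions for illustration, not the paper's SAM specification.
"""
from collections import deque
from typing import Callable, Dict, List, Optional, Tuple

Marking = Tuple[int, ...]
Arcs = Dict[str, int]            # place name -> number of tokens
Transition = Tuple[Arcs, Arcs]   # (tokens consumed, tokens produced)


class PetriNet:
    def __init__(self, places: List[str], transitions: Dict[str, Transition]):
        self.places = list(places)
        self.idx = {p: i for i, p in enumerate(self.places)}
        self.transitions = transitions

    def as_dict(self, m: Marking) -> Dict[str, int]:
        return dict(zip(self.places, m))

    def enabled(self, m: Marking, t: str) -> bool:
        consume, _ = self.transitions[t]
        return all(m[self.idx[p]] >= n for p, n in consume.items())

    def fire(self, m: Marking, t: str) -> Marking:
        consume, produce = self.transitions[t]
        out = list(m)
        for p, n in consume.items():
            out[self.idx[p]] -= n
        for p, n in produce.items():
            out[self.idx[p]] += n
        return tuple(out)

    def reachable(self, initial: Marking, bound: int = 10_000):
        """Breadth-first state-space exploration.
        Returns a dict marking -> (predecessor marking, transition fired)."""
        seen: Dict[Marking, Optional[Tuple[Marking, str]]] = {initial: None}
        queue = deque([initial])
        while queue:
            m = queue.popleft()
            for t in self.transitions:
                if not self.enabled(m, t):
                    continue
                nxt = self.fire(m, t)
                if nxt not in seen:
                    seen[nxt] = (m, t)
                    queue.append(nxt)
                    if len(seen) > bound:
                        raise RuntimeError("state space exceeds bound; net may be unbounded")
        return seen

    def counterexample(self, initial: Marking,
                       prop: Callable[[Dict[str, int]], bool]) -> Optional[List[str]]:
        """Check the temporal formula 'always prop' over all reachable markings.
        Returns None if it holds, otherwise the firing sequence to a violation."""
        seen = self.reachable(initial)
        for m in seen:
            if prop(self.as_dict(m)):
                continue
            trace = []                       # walk predecessors back to the start
            while seen[m] is not None:
                prev, t = seen[m]
                trace.append(t)
                m = prev
            return list(reversed(trace))
        return None


# Constructed access-control net (assumed names, not from the paper).
PLACES = ["unauth", "authed", "audit", "access"]
INITIAL: Marking = (1, 0, 0, 0)   # one pending, not yet authenticated request

DRAFT: Dict[str, Transition] = {
    "authenticate": ({"unauth": 1}, {"authed": 1, "audit": 1}),  # records an audit token
    "grant":        ({"authed": 1}, {"access": 1}),
    "bypass":       ({"unauth": 1}, {"access": 1}),              # the design flaw
}
# Refinement step: the insecure path is removed from the architecture.
REFINED: Dict[str, Transition] = {t: a for t, a in DRAFT.items() if t != "bypass"}


def no_access_without_audit(m: Dict[str, int]) -> bool:
    """Safety property: every granted access is backed by a recorded authentication."""
    return m["access"] <= m["audit"]


def violation_in_draft() -> Optional[List[str]]:
    return PetriNet(PLACES, DRAFT).counterexample(INITIAL, no_access_without_audit)


def violation_in_refined() -> Optional[List[str]]:
    return PetriNet(PLACES, REFINED).counterexample(INITIAL, no_access_without_audit)


if __name__ == "__main__":
    print("draft  :", violation_in_draft())     # firing sequence that breaks the property
    print("refined:", violation_in_refined())   # None: property holds everywhere
```

The invariant form used here ("always P") is the simplest class of temporal-logic safety property; a checker for the full logic would track histories rather than single markings, but the workflow is the same: specify behaviour as a net, state the requirement as a formula, and refine the architecture until no reachable state violates it.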
