A security characterisation framework for trustworthy component based software systems

This paper explores how to characterize security properties of software components, and how to reason about their suitability for a trustworthy compositional contract. Our framework provides an explicit opportunity for software composers as well as software components to test a priori security properties of software components in a system composition. The proposed framework uses logic programming as a tool to represent security properties of atomic components and reason about their compositional matching with other components. This enables software components as well as composers to "test" possible matches and mismatches between the security properties of the candidate components and the security requirements of the enclosing application systems.
