Towards a unifying view on security contracts

A key property of software component technology is predictability, which means that the properties of an overall system can be deduced from the properties of the individual components. One of the crucial building blocks in component technology is the notion of a component contract. In order to leverage predictability for the construction of secure systems, security requirements and properties must be adequately supported by component contracts, which is currently a challenging and open problem. This paper provides an overview of the problem domain by presenting an initial taxonomy of security contracts and their representative security properties.
