Supporting Security Sensitive Architecture Design

Security is an important quality attribute required in many software-intensive systems. However, software development methodologies do not provide sufficient support for addressing security-related issues. Furthermore, the majority of software designers do not have adequate expertise in the security domain. Thus, security is often treated as an add-on to the designed architecture. Such ad hoc practices for dealing with security issues can result in a system that is vulnerable to different types of attacks. The security community has discovered several security-sensitive design patterns, which can be used to compose a security-sensitive architecture. However, there is little awareness of the relationship between security and software architecture. Our research has identified several security patterns along with the properties that can be achieved through those patterns. This paper presents those patterns and properties in a framework that can provide appropriate support for addressing security-related issues during architecture processes.
