Characterising user data protection of software components

Proposes a scheme to characterise non-functional security properties that are embedded within the functionality of software components. The security properties may be attached to various aspects of a component, such as resource allocation, user data protection, communication, and so on. In this paper, we are particularly interested in characterising the user data protection of software components. It is often reported that software components usually suffer from security and reliability problems. It is now widely recognised that the characterisation of the security properties of software components is an important issue to boost the confidence and trust in component technology. To address this issue, the characterisation of the security properties of components is the first challenging step. The work proposed in this paper is partially based on the functional requirements defined in the Common Criteria for Information Technology Security Evaluation endorsed by NIST. The applicability of the proposed scheme is demonstrated with a simple example.

[1]  Jeffrey M. Voas,et al.  Certifying Off-the-Shelf Software Components , 1998, Computer.

[2]  Yuliang Zheng,et al.  Security Characterisation and Integrity Assurance for Software Components and Component-Based System , 1998 .

[3]  Christine Mingins,et al.  Providing Trusted Components to the Industry , 1998, Computer.

[4]  Clemens A. Szyperski,et al.  Component software - beyond object-oriented programming , 2002 .

[5]  Michael R. Lowry,et al.  Component-Based Reconfigurable Systems , 1998 .

[6]  Jun Han An Approach to Software Component Specification , 1999 .

[7]  Jean-Marc Jézéquel,et al.  Making Components Contract Aware , 1999, Computer.

[8]  Khaled M. Khan,et al.  Security Properties of Software Components , 1999, ISW.

[9]  Erland Jonsson,et al.  A Map of Security Risks Associated wuth Using COTS , 1998, Computer.

[10]  Jeffrey M. Voas,et al.  The Challenges Of Using COTS Software In Component-Based Development , 1998, Computer.

[11]  LindqvistUlf,et al.  A Map of Security Risks Associated with Using COTS , 1998 .

[12]  Dennis W. Fife Workshop Reports , 1966 .

[13]  M VoasJeffrey Certifying Off-the-Shelf Software Components , 1998 .

[14]  John A. McDermid,et al.  The Cost of COTS , 1998, Computer.

[15]  Sushil Jajodia,et al.  Surviving Information Warfare Attacks , 1999, Computer.

[16]  Jun Han A comprehensive interface definition framework for software components , 1998, Proceedings 1998 Asia Pacific Software Engineering Conference (Cat. No.98EX240).

[17]  Raymond A. Paul,et al.  Toward Integrated Methods for High-Assurance Systems (Guest Editors' Introduction) , 1998, Computer.