Implementation-Oriented Secure Architectures

We propose a framework for constructing secure systems at the architectural level. The framework consists of an implementation-oriented formalization of a system's architecture, which we call the formal implementation model, together with a method for constructing a system through elementary analysis, implementation, and synthesis steps. Using this framework, security vulnerabilities are avoided by constraining a system's architecture to those architectures that can be rigorously argued to implement all of the corresponding functional and security requirements, and no others. Furthermore, the framework supports the verification and validation of system correctness by enforcing traceability from the final system components back to their corresponding design, architecture, and requirement work products.
