SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
This paper describes the process of implementing an architecture for secure distributed transaction processing, the process of verifying that it has the desired security properties, and the implementation that resulted. The implementation and verification processes provided us with valuable experience relevant to answering several questions posed by our research on transformational development of architectures. To what extent can implementation-level architectural descriptions be derived from abstract descriptions via the application of transformations that preserve a broad class of properties, including satisfaction of various access control policies? To what extent can a formal derivation of a non-secure implementation-level distributed transaction processing architecture be reused in the derivation of a secure architecture? Are the transformation verification techniques that we have developed sufficient for verifying a collection of transformations adequate for implementing a complex secure architecture? Do our architecture hierarchies effectively fill the gap between abstract, intellectually manageable models of a complex architecture and the actual implementation? Exploring the answers to these questions resulted in a reference implementation of an architecture for secure distributed transaction processing, and an independently interesting demonstration instance of the reference implementation.