Provably dependable software architectures
ISAW '98 Proceedings of the third international workshop on Software architecture
A Classification and Comparison Framework for Software Architecture Description Languages
IEEE Transactions on Software Engineering
Incorporating Non-functional Requirements into Software Architectures
IPDPS '00 Proceedings of the 15 IPDPS 2000 Workshops on Parallel and Distributed Processing
Secure Interoperation of Secure Distributed Databases
FM '99 Proceedings of the World Congress on Formal Methods in the Development of Computing Systems - Volume I
A Formalization of Software Architecture
FM '99 Proceedings of the World Congress on Formal Methods in the Development of Computing Systems - Volume I
Role-based authorization in decentralized health care environments
Proceedings of the 2003 ACM symposium on Applied computing
Towards an architectural treatment of software security: a connector-centric approach
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Performance modeling and analysis of software architectures: an aspect-oriented UML based approach
Science of Computer Programming - Special issue on system and software architectures (IWSSA'04)
A survey on CIO concerns - do enterprise architecture frameworks support them?
Information Systems Frontiers
Methods and limitations of security policy reconciliation
ACM Transactions on Information and System Security (TISSEC)
Enforcing provisioning and authorization policy in the Antigone system
Journal of Computer Security
Security policy refinement and enforcement for the design of multi-level secure systems
Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Understanding security architecture
Proceedings of the 2008 Spring simulation multiconference
Architecture-based refinements for secure computer systems design
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Architectural Refinement and Notions of Intransitive Noninterference
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Suggested improvements to the DoDAF for modeling architectural security
SpringSim '09 Proceedings of the 2009 Spring Simulation Multiconference
Analyzing security architectures
Proceedings of the IEEE/ACM international conference on Automated software engineering
Abstract: The computer industry is increasingly dependent on open architectural standards for their competitive success. This paper describes a new approach to secure system design in which the various representations of the architecture of a software system are described formally and the desired security properties of the system are proven to hold at the architectural level. The main ideas are illustrated by means of the X/Open distributed transaction processing reference architecture, which is formalized and extended for secure access control as defined by the Bell-LaPadula model. The extension allows vendors to develop individual components independently and with minimal concern about security. Two important observations were gleaned on the implications of incorporating security into software architectures.