Security system architecture governs the composition of components in security systems and the interactions between them. It plays a central role in the design of software security systems that ensure secure access to distributed resources in a networked environment. In particular, the composition of the system must consistently assure the security policies it is supposed to enforce. However, there is currently no rigorous and systematic way to predict and assure such critical properties in security system design. In this paper, a systematic approach is introduced to address the problem. We present a methodology for modeling security system architecture and for verifying whether required security constraints are assured by the composition of the components. We introduce the concept of security constraint patterns, which formally specify the generic form of security policies that all implementations of the system architecture must enforce. The analysis of the architecture is driven by the propagation of the global security constraints onto the components in an incremental process. We show that our methodology is both flexible and scalable. It is argued that such a methodology not only ensures the integrity of critical early design decisions, but also provides a framework to guide correct implementations of the design. We demonstrate the methodology through a case study in which we model and analyze the architecture of the Resource Access Decision (RAD) Facility, an OMG standard for an application-level authorization service.