Abstract
This paper will investigate the fundamental issues related to building and composing secure components. While all participants will closely cooperate, each will have primary responsibility in one area. The approach outlined in this paper develops a certification process for testing software components for security proper- ties. The anticipated results from this paper are a process, set of core white-box and black-box testing technologies to certify the security of software components and a framework for constructing compositional Component Security Assurance (CSA) based on the security property exposed by the atomic components. The manifestation of the product is a stamp of approval in the form of a digital signature.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Stephenson, J.: Web Services Architectures for Security. CBDi Journal (February 2003), http://www.cbdiforum.com/
Aoyama, M.: New Age of Software Development: New Component-Based Soft ware Engineering Changes the Way of Software Development. In: 1998 International Workshop on CBSE, ICSE, pp. 124–128 (1998)
CBSE 1998, Proceedings of International Workshop on Component-Based software Engineering, Kyoto Japan (April 1998), http://www.sei.cmu.edu/cbs/ics98/
Herzum, P., Sims, O.: Business Component Factory: A Comprehensive Overview of CBD for the Enterprise, December 1999. OMG press (1999)
Szyperski, C.: Component Software: Beyond Object-Oriented Programming. Addison- Wesley, London (1998), http://www.sei.cmu.edu/cbs/icse98/papers/p14.htm
D’Souza, D.F., Wills, A.C.: Objects, Components, and Frameworks With UML: The Catalysis Approach. Addison-Wesley Object, Reading (1998)
Information Technology-Software Life cycle Process (ISO/IEC 12207), (1998), http://standards.ieee.org/reading/ieee/std/
Vetterling, M., Wimmel, G., Wisspeintner, A.: Requirements analysis: Secure systems development based on the common criteria: the PalME project. In: Proceedings of the tenth ACM SIGSOFT symposium on Foundations of software engineering, November 2002, pp. 129–138 (2002)
Seacord, R.C.: Software Engineering Component Repository. In: Proceedings of 1999 International Workshop on CBSE, Los Angeles (1999), http://www.sei.cmu.edu/cbs/icse99/cbsewkshp.htm
Luqi, J.G.: Toward Automated Retrieval for a Software Component Repository. In: IEEE Conference and Workshop on Engineering of Computer-Based Systems (March 1999)
Kim, H.-K., Cha, J.-E., Kim, J.-Y., Park, E.-J.: Identification of Design Patterns and Components for Network Management System_. In: SNPD 2000 International Conference, May 2000, vol. 1(1), pp. 426–431 (2000)
D’Souza, D., Wills, A.: Objects, Components and Frameworks with UML:The Catalysis Approach. Addison-Wesley, Reading (1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jeong, GB., Kim, GB. (2005). A Framework for Security Assurance in Component Based Development. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3481. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424826_5
Download citation
DOI: https://doi.org/10.1007/11424826_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25861-2
Online ISBN: 978-3-540-32044-9
eBook Packages: Computer ScienceComputer Science (R0)