Abstract
Security is an important quality attribute required in many software intensive systems. However, software development methodologies do not provide sufficient support to address security related issues. Furthermore, the majority of the software designers do not have adequate expertise in the security domain. Thus, security is often treated as an add-on to the designed architecture. Such ad-hoc practices to deal with security issues can result in a system that is vulnerable to different types of attacks. The security community has discovered several security sensitive design patterns, which can be used to compose a security sensitive architecture. However, there is little awareness about the relationship between security and software architecture. Our research has identified several security patterns along with the properties that can be achieved through those patterns. This paper presents those patterns and properties in a framework that can provide appropriate support to address security related issues during architecture processes.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bass, L., Clements, P., Kazman, R.: Software Architecture in Practice, 2nd edn. Addison-Wesley, Reading (2003)
Kazman, R., Barbacci, M., Klein, M., Carriere, S.J.: Experience with Performing Architecture Tradoff Analysis. In: Proc. of the 21th International Conference on Software Engineering. ACM Press, New York (1999)
Kazman, R., Bass, L., Abowd, G., Webb, M.: SAAM: A Method for Analyzing the Properties of Software Architectures. In: Proc. of the 16th ICSE (1994)
Bosch, J.: Design & Use of Software Architectures: Adopting and evolving a product-line approach. Addison-Wesley, Reading (2000)
Boehm, B., In, H.: Identifying Quality-Requirement Conflicts IEEE Software 13(2), 25–35 (1996)
Lassing, N., Rijsenbrij, D., Vliet, H.: The goal of software architecture analysis: Confidence building or risk assessment. In: Proceedings of First BeNeLux conference on software architecture (1999)
CERT. CERT/CC Statistics 1988-2004 (Last accessed on February 26, 2005), Available from: http://www.cert.org/stats/cert_stats.html
Viega, J., McGraw, G.: Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley, Reading (2001)
Lamsweerde, A.v.: Elaborating Security Requirements by Construction of Intentional Anti-Models. In: Proc. of the 26th Int’l. Conf. on Software Eng (ICSE), Endinburgh, Scotland (2004)
Yoder, J., Barcalow, J.: Architectural Patterns for Enabling Application Security. In: Proc. of the 4th Pattern Languages of Programming, Washington, USA (1997)
Kienzle, D.M., Elder, M.C.: Final Technical Report: Security Patterns for Web Application Development (Last accessed on February 18, 2005), Available from: http://www.scrypt.net/~celer/securitypatterns/
Kienzle, D.M., Elder, M.C.: Security Patterns: Template and Tutorial (Last accessed on February 18, 2005) Available from: http://www.scrypt.net/~celer/securitypatterns/
Schumacher, M.: AMEC 2000. Lecture Notes in Compuer Science. Springer, Heidelberg (2003)
Kienzle, D.M., Elder, M.C., Tyree, D., Edwards-Hewitt, J.: Security Patterns Repository - Version 1.0 (Last accessed on 18 February 2005), Available from, http://www.scrypt.net/~celer/securitypatterns/
IEEE Standard 1061-1992, Standard for Software Quality Metrics Methodology. Institute of Electrical and Electronic Engineers, New York (1992)
McCall, J.A.: Quality Factors. In: Marciniak, J.J. (ed.) Encyclopedia of Software Engineering, pp. 958–971. John Wiley, New York (1994)
ISO/IEC, Information technology - Software product quality: Quality model. ISO/IEC FDIS 9126-1:2000(E)
Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns-Elements of Reusable Object-Oriented Software. Addison-Wesley, Reading (1995)
Petersson, K., Persson, T., Sanden, B.I.: Software Architecture as a Combination of Patterns. CrossTalk The Journal of Defense Software Engineering (October 2003)
Buschmann, F.: Pattern-oriented software architecture: a system of patterns, p. 457. Wiley, Chichester (1996)
Hohmann, L.: Beyond Software Architecture: Creating and sustaining winning solutions. Pearson Education, Inc., London (2003)
Proctor, P.E., Byrnes, F.C.: The Secured Enterprise: Protecting your information assets. Prentice Hall PTR, Englewood Cliffs (2002)
Ali-Babar, M.: Scenarios, Quality Attributes, and Patterns: Capturing and Using their Synergistic Relationships for Product Line Architectures. In: Proc. of the Int,l. Workshop on Adopting Product Line Software Engineering, Busan, South Korea (2004)
Zhu, L., Ali-Babar, M., Jeffery, R.: Mining Patterns to Support Software Architecture Evaluation. In: Proc. of the 4th Working IEEE/IFIP Conference on Software Architecture (2004)
Ali-Babar, M., Kitchenham, B., Maheshwari, P., Jeffery, R.: Mining Patterns for Improving Architecting Activities - A Research Program and Preliminary Assessment. In: Proc. of 9th Int’l. conf. on Empirical Assessment in Software Engineering, Keele, UK (2005)
Bass, L., John, B.E.: Linking usability to software architecture patterns through general scenarios. Journal of Systems and Software 66(3), 187–197 (2003)
Folmer, E., Gurp, J.v., Bosch, J.: A Framework for Capturing the Relationship between Usability and Software Architecture. Software Process Improvement and Practice 8(2), 67–87 (2003)
Bass, L., Klein, M., Moreno, G.: Applicability of General Scenarios to the Architecture Tradeoff Analysis Method, Tech Report CMU/SEI-2000-TR-014, Softwar Engineering Institute, Carnegie Mellon University (2001)
Singh, I., Stearns, B., Johnson, M., Team, E.: Designing Enterprise Applications with the J2EETM Platform. Addison Wesley Professional, Reading (2002)
Schneier, B.: Secrets and Lies: Digital Security In a networked world. Wiley Computer Publishing, Chichester (2000)
Bass, L., Klein, M., Bachmann, F.: Quality Attribute Design Primitives and the Attribute Driven Design Method. In: Proceedings of the 4th International Workshop on Product Family Engineering, Bilbao, Spain (2001)
Romanosky, S.: Security Design Patterns (Last accessed on 21th February 2005), Available from, http://www.cgisecurity.com/lib/securityDesignPatterns.pdf
Feghhi, J., Feghhi, J., Williams, P.: Digital Certificates: Applied Internet Security. Addison Wesley Longman, Inc., Amsterdam (1999)
Juric, M., et al.: Patterns Applied to Manage Security, in J2EE Patterns Applied: Real World Development with Pattern Frameworks, Peer Information (2002)
Ellison, R.J., Moore, A.P., Bass, L., Klein, M., Bachmann, F.: Security and Survivability Reasoning Frameworks and Architectural Design Tactics, Tech Report CMU/SEI-2004-TR-022, SEI, Carnegie Mellon University, USA (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Babar, M.A., Wang, X., Gorton, I. (2005). Supporting Security Sensitive Architecture Design. In: Reussner, R., Mayer, J., Stafford, J.A., Overhage, S., Becker, S., Schroeder, P.J. (eds) Quality of Software Architectures and Software Quality. QoSA SOQUA 2005 2005. Lecture Notes in Computer Science, vol 3712. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11558569_11
Download citation
DOI: https://doi.org/10.1007/11558569_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29033-9
Online ISBN: 978-3-540-32056-2
eBook Packages: Computer ScienceComputer Science (R0)